Hybrid  cloud 
security  scales  up 

Locking  up  data  that  moves 
between  private  and  public 
clouds  can  be  a  slippery  problem 


Anyone 


Anywhere.  On  Any  Device. 

GoToAssist’s  integrated  support 
solutions  give  you  powerful  tools 
for  an  unrivaled  support  experience 


Free  for  30  days 
www.gotoassist.com 
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FROM  THE  EDITOR  JOHN  DIX 

Dell  has  its  work 
cut  out  for  it 

Taking  Dell  private  is  a  bold  move,  but 
won’t  ensure  success.  If  you  can’t  recognize 
opportunities  and  execute  properly  as  a 
public  company,  buy¬ 
ing  yourself  shelter 
from  investors  only 
takes  you  so  far.  The 
bigger  challenge  will  be  rejiggering  the 
corporate  culture  and  core  processes  to 
make  more  innovation  possible. 

Why  take  this  $24  billion  gamble,  which 
saddles  the  company  with  $15  billion  in 
new  debt? 

Stagnated  sales  could  be  one  reason.  Since  fiscal  2008  revenue  has 
flatlined:  $61. lb,  $61.1b,  $52.9b,  $61.5b  and  $62b.  The  company’s  fiscal 
2013  ends  later  this  month  and  analysts  expect  sales  to  dip  to  $56.7b. 

But  the  last  five  years  have  been  hard  on  many  computer  shops.  IBM’s 
2012  sales  of  $104.5b,  for  example,  were  just  a  hair  above  the  2008  mark. 
The  intervening  years  saw  a  high  of  $107b  and  a  low  of  $96b.  HP  fared  bet¬ 
ter  in  that  period,  using  acquisitions  to  grow  top  line  sales,  but  the  fruits  of 
that  labor  have  left  it  with  a  confused  strategy  and  a  loss  of  $12b  in  2012. 

To  reignite  growth  Dell  has  been  trying  to  diversify  its  products  and 
services,  an  effort  it  kicked  off  a  few  years  ago  to  become  an  “end-to-end 
technology  solutions  company.” 

While  Dell  has  managed  to  reduce  its  dependency  on  the  cutthroat  PC 
business,  “Desktops  &  Mobility”  still  accounted  for  a  whopping  54%  of 
sales  in  the  first  nine  months  of  FY13  (ended  Nov.  2).  The  good  news:  Rev¬ 
enue  for  servers  and  networking  grew  9%  in  this  period,  driven  by  the 
acquisitions  of  Force  10  Networks,  SonicWall  and  other  recent  additions. 

The  question  is  whether  Dell  can  scale  these  other  core  sectors  fast 
enough.  Revenue  for  “Mobility”  (notebooks,  mobile  workstations  and 
tablets)  fell  18%  for  the  first  nine  months  of  FY13  (mostly  due  to  lower 
unit  sales),  and  “Desktop”  revenue  was  off  6%  for  the  period  (mostly 
from  falling  prices).  By  way  of  comparison,  Apple  racked  up  more  in  iPad 
sales  last  quarter  than  Dell  mustered  in  Desktop  sales  over  the  first  three 
quarters  of  FY13  —  $10.6b  in  iPads  vs.  Dell’s  $9.8b  worth  of  PCs. 

Add  it  up,  and  it  looks  like  the  company  has  its  work  cut  out  for  it. 

No  wonder  Michael  Dell  wants  to  make  the  sausage  without  sharehold¬ 
ers  looking  over  his  shoulder.  The  question  is,  can  Dell  muster  enough 
cultural  and  process  change  to  capitalize  on  the  newfound  freedom? 
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Time  to  re-evaluate  VNware 

©  VMWARE  STILL  HAS  an  edge  where 
bigger  deployments  are  concerned  in 
my  view  (or  in  any  deployment  where 
avoiding  spinning  discs  to  the  greatest 
extent  is  a  priority).  Being  able  to  install 
the  vSphere  hypervisor  to  something  as 
simple  as  an  internal  SD  card  is  great  (Re: 
“Tough  times  at  VMware”  page  10). 

As  for  stability,  well,  a  cleaned-out 
Linux  core  installation  is  something  I  for 
one  would  rely  on  far  more  happily  than 
a  Windows  core.  We  may  have  no  choice 
on  running  Windows  in  the  VMs,  but 
keeping  that  stuff  off  the  hypervisor  layer 
is  a  win  in  my  book. 

crOft 

©THE  AUTHOR  FORGOT  to  mention  the 
vSphere  5.1  fiasco.  VMware  had  to  release 
two  bug  fix  releases  within  a  matter  of 
weeks  of  the  GA  release.  It  was  riddled 
with  install  problems,  poor  security,  and 
a  brand-new  service  (SSO)  that  clearly 
didn’t  go  through  any  beta  testing. 
Because  of  the  major  flop  of  vSphere  5.1, 1 
know  people  that  are  completely  skipping 
that  release  and  also  looking  at  Hyper-V. 
VMware  really  hurt  itself  by  shipping  a 
product  way  before  it  was  fully  baked. 

SomeOne 

BlackBerry  10  will 
turn  the  tables 

©  I  DISAGREE  WITH  the 

assessment  that  users 
who  want  physical  key¬ 
boards  are  diminishing. 

Our  company  only  has 
60  or  so  BB  users,  and 
nearly  all  of  them  say 
the  physical  keyboard 
is  the  one  feature  that 
they  would  miss  on  the 
iPhone  (Re:  “The  Black- 
Berry  10  announcement  —  has  anything 
changed?”  tinyurl.com/a5k6cac). 

As  far  as  the  “too  little  too  late”  argu¬ 
ment,  well,  seven  years  ago  Apple  and 
others  wanting  to  be  competitive  in  the 
smartphone  market  didn’t  ditch  their 
plans  because  RIM  was  the  standard  for 
a  corporate  smartphone,  they  simply 
focused  on  the  consumer  side.  It  would 
seem  to  me  that  the  position  has  simply 
reversed  —  BlackBerry  is  in  a  good  posi¬ 
tion  to  gain  users  while  the  others  catch  up. 

terry  weaver 


Jailbreaking  vs.  unlocking 

©THE  ISSUE  ISN’T  jailbreaking,  it’s 
unlocking.  And  that  has  nothing  to  do 
with  Apple  —  that’s  all  due  to  the  telco 
industry  in  this  country  wanting  a  lock 
on  their  customers  (Re:  “Jailed  for  jail- 
breaking:  The  new  law  could  land  you  in 
the  slammer”;  tinyurl.com/au71fdb). 

If  I  buy  a  phone  and  keep  paying  my 
bill,  I  should  be  perfectly  free  to  unlock  my 
phone,  even  during  the  term  of  my  con¬ 
tract.  After  all,  the  contracts  already  have 
monetary  penalties  built  in  should  I  termi¬ 
nate  my  contract  before  the  term  is  up. 

Now  I  cannot  even  unlock  my  own 
phone  while  still  otherwise  complying 
with  the  terms  of  the  contract!  It’s  the 
telcos  that  are  to  blame  for  this,  not  Apple, 
not  Samsung,  and  not  BlackBerry. 

compudude 

Lotus  products  greatly  missed 

©  LOTUS  HAD  REALLY  great  products 
that  IBM  just  killed.  And  those  decisions 
were  made  from  the  inside  out.  IBM  said 
to  its  internal  public  that  Notes  would 
be  replaced  by  WebSphere.  Well,  it  was 
the  death  sentence  for  Domino/Notes 
(Re:  “Remembering  Lotus  as  IBM  kills  off 
name”;  page  16). 

Another  memory:  Lotus  Approach  is 
the  best  analyzing  soft¬ 
ware  (for  users  and  not 
programers)  I  had  ever 
seen.  It  is  dead,  too. 

Ricardo  Zerwes 

What  motivated 
Dell  investment? 

©IT  IS  DOUBTFUL  that 
Microsoft  is  seeking 
‘protection”  from  Linux 
with  its  Dell  loan  or 
investment  as  opposed 
to  more  of  a  “hedge”  in 
thwarting  further  Linux  adoption  (Re: 
‘Microsoft  may  be  seeking  protection 
from  Linux  with  Dell  loan”;  tinyurl.com/ 
aym6wlf). 

Most  technology  professionals  in  a  For¬ 
tune  50  firm  with  whom  I  have  discussed 
this  matter  see  it  as  a  continuum  of  Micro¬ 
soft  placing  large  obstacles  in  the  path  of 
Linux  server  growth  that  has  exploded  in 
recent  years,  thanks  to  cloud  computing, 
social  networking  infrastructure  expan¬ 
sion,  and  research  via  supercomputers. 

Wendell  Anderson 


BlackBerry  is  in 
a  good  position 
to  gain  users 
while  the  others 
catch  up. 
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1&1  is  celebrating  its  25th  anniversary. 

Over  the  past  25  years  1&1  has  grown  to  become 
one  of  the  world's  leading  web  hosts.  Today,  with 
12  million  customer  contracts  and  5000  employees 
1&1  provides  superior  web  hosting  and  server 
solutions  to  support  your  business.  In  celebration 
here  is  a  gift  from  us  to  you. 


Server  XL  6 
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Dell  goes 
private, 
creates 
uncertain 
future 

MICHAEL  DELL  HAS  teamed 
up  with  investment  firm  Silver 
Lake  to  buy  computer  maker  Dell, 
the  company  he  founded  as  a  19-year-old  in  1984,  in  a  deal  valued 
at  about  $24.4  billion.  The  deal  includes  a  $2  billion  loan  from 
Microsoft,  which  said  it  views  the  deal  as  a  commitment  to  the 
"long  term  success  of  the  entire  PC  ecosystem."  Others  weren’t 
so  excited:  Dell  is  in  the  midst  of  a  wrenching  transition  from  a 
supplier  of  commodity  hardware,  mainly  traditional  PCs,  to  being 
a  supplier  of  enterprise-grade  IT  infrastructure.  Dell's  ambition 
is  nothing  less  than  offering  the  entire  IT  stack  with  supporting 
services.  The  implication  of  going  private  is  that  Dell  is  planning 
radical  changes  to  its  strategy  and  product  road  map.  While 
the  company  might  come  out  of  this  transition  stronger  with  a 
product  lineup  that  better  meets  the  needs  of  businesses  and 
public  sector  organizations,  there  will  be  uncertainty  as  to  what 
products  and  services  stay,  according  to  Carter  Lusher,  chief  IT 
analyst  at  Ovum,  tinyurl.com/au4f5xb 


Patches  on 
way  for  new 
SSL  attacks 

THE  DEVELOPERS  ofmany 
SSL  libraries  are  releasing 
patches  for  a  vulnerability  that 
could  potentially  be  exploited  to 
recover  plaintext  information, 
such  as  browser  authentica¬ 
tion  cookies,  from  encrypted 
communications.  The  patching 
effort  follows  the  discovery  of 
new  ways  to  attack  SSL,  TLS  and 
DTLS  implementations  that  use 
cipher-block-chaining  mode 
encryption.  The  attacks  apply  to 
all  TLS  and  DTLS  implementa¬ 
tions  that  are  compliant  with 
TLS  1.1  or  1.2,  or  with  DTLS  1.0  or 
1.2  [the  most  recent  versions  of 
the  two  specifications].  They  also 
apply  to  implementations  of  SSL 
3.0  and  TLS  1.0  that  incorporate 
countermeasures  to  previous 
padding  oracle  attacks.  Variant 
attacks  may  also  apply  to  non- 
compliant  implementations.  The 
problems  is  that  end  users  could 
theoretically  be  vulnerable  to 
hackers  when  they  visit  HTTPS 
websites  that  haven’t  applied 
the  patches.  However,  security 
experts  say  the  vulnerability 
is  very  hard  to  exploit,  so  there 
may  be  little  cause  for  alarm. 
tinyurl.com/b8s9jt3 


IT  VIDEO 

Up  close  with 
the  Surface  Pro 

The  latest  Microsoft 
tablet  with  full  Windows  8 
functionality  went  on  sale 
last  weekend  -  check  out 
this  video  report  on  the 
new  device  from  ClO.com’s 
Shane  O’Neill 
tinyurl.com/b4249tg 


Big  Blue  brings 
big  smarts 
to  servers 

IBM'S  NEW  Power  Express 
servers  announced  last  week 
will  integrate  some  hardware 
and  software  elements  derived 
from  Watson.  The  Power 
Express  710, 720, 730  and  740 
servers  start  at  $5,947.  With 
Watson  technologies,  compa¬ 
nies  can  use  the  new  servers 
to  analyze  warehouses  of  data, 
and  to  answer  complex  queries 
with  high  levels  of  confidence. 
The  technologies  will  provide 
insights  into  structured  and 
unstructured  data  at  a  less 
expensive  cost,  IBM  said.  In 
addition  by  keeping  the  price  of 
the  servers  down,  IBM  hopes  to 
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Microsoft, 
Symantec  bash 
vast  botnet 

MICROSOFT  AND  Symantec 
said  last  week  they  had  taken 
out  a  botnet  that  took  over  mil¬ 
lions  of  computers  for  criminal 
activities  such  as  identity  theft 
and  click  fraud.  The  Bamital 
botnet  threatened  the  $12.7  bil¬ 
lion  online  advertising  industry 


by  generating  fraudulent 
clicks  on  Internet  ads,  which 
fund  many  of  the  free  online 
services  available  to  consumers, 
the  companies  said.  Bamital 
infected  as  many  as  8  million 
computers  over  the  past  two 
years.  It’s  the  sixth  botnet 
Microsoft  has  shut  down  in 
the  past  three  years,  and  the 
second  done  in  cooperation 
with  Symantec,  tinyurl.com/ 
a5p9ju9 
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take  on  rivals  like  HP  and  Dell, 
which  sell  tons  of  commodity 
servers  based  on  x86  chips. 

tinyurl.com/a6sak8p 


FTC's  challenge 
nets  744  new 
ways  to  cut 
robocallers  off 

THE  FEDERAL  Trade  Commis¬ 
sion  last  week  said  the  submis¬ 
sion  period  for  its  Robocall 
Challenge  had  ended  and  it  got 
744  new  ideas  for  ways  to  shut 
down  the  annoying  automated 
callers.  The  FTC  noted  that  the 
vast  majority  of  telephone  calls 
that  deliver  a  prerecorded  mes¬ 
sage  trying  to  sell  something 
to  the  recipient  are  illegal.  The 
FTC  regulates  these  calls  under 
the  Telemarketing  Sales  Rule 
and  the  Challenge  was  issued 
to  develop  ways  to  block  illegal 
robocalls  which  despite  the 
agency’s  best  efforts  seem  to  be 
increasing.  The  FTC  Robocall 
Challenge  is  now  in  the  hands  of 
the  judges  which  include  Steve 
Bellovin,  FTC  chief  technologist; 
Henning  Schulzrinne,  Federal 
Communications  Commission 
chief  technologist;  and  Kara 
Swisher  of  All  Things  Digital. 
The  FTC  expects  to  announce 
winners  in  April,  tinyurl.com/ 
a6223J3 

FBI  takes  out 
cyber-fraud  scam 

THE  FBI  last  week  said  it  broke 
up  what  it  called  one  of  the 


largest  credit  card,  cyber-fraud 
schemes  in  its  history  -  a  $200 
million  scam  that  created  more 
than  7,000  false  identities  and 
tens  of  thousands  of  fake  credit 
cards.  The  FBI  said  it  arrested 
13  people  involved  in  the  scam 
which  maintained  more  than 
1,800  “drop  addresses,”  located 
across  the  country  including 
houses,  apartments,  and  post 
office  boxes,  which  they  used  as 
the  mailing  addresses  of  the  false 
identities.  According  to  the  FBI, 
the  defendants  then  created  doz¬ 
ens  of  sham  companies  that  did 
little  or  no  legitimate  business, 
obtained  credit  card  terminals 
for  the  companies,  and  then  ran 
up  charges  on  the  fraud  cards. 
tinyurl.com/bek5k9s 

Trojan  infects 
smartphone 
to  launch 
attack  on  PC 

KASPERSKY  LAB  said 
it  has  discovered  the  first 
ever  Android  malware  app 
that  appears  to  have  been 
designed  not  to  attack  the  host 
smartphone  but  any  PCs  it  is 
subsequently  connected  to. 
Discovered  on  Google  Play, 
targeting  Russian-speakers  dis¬ 
guised  as  a  memory-killer  utility, 
innocent  downloaders  will  end 
up  with  three  malware  files  on 
any  SD  card  plugged  into  their 
smartphones.  Any  PC  that  con¬ 
nects  to  the  phone  while  in  USB 
emulation  mode  (which  treats 
attached  smartphone  drives  as 
external  disks)  and  old  enough 
not  to  disallow  Windows  Auto¬ 
run,  will  be  hit  with  Backdoor. 
MSIL.Ssucl.a.  The  malware 
takes  control  of  the  smartphone. 
Google  has  removed  the  two 
apps  associated  with  the  attack 
from  Play  but  not  before  several 
thousand  users  downloaded  it. 
tinyurl.com/berzwdo 


9th  grader  cashes  in  for 
ditching  Facebook 


A  WELLESLEY,  Mass.,  dad  has  agreed  to  pay  his 
14-year-old  daughter  $200  if  she  ditches  her  Face- 
book  account,  in  an  effort  to  extract  her  from  “the 
24/7  comparison  of  experiences  and  clothes” 
with  other  girls  online.  The  Facebook  Deactiva¬ 
tion  Agreement  was  his  freshman  daughter’s 
idea,  according  to  Paul  Baier,  who  adds  that  he 
hopes  the  notion  will  start  a  trend  among  others 
at  the  school.  Under  the  contract,  the  dad  agrees  to 
pay  his  daughter  $50  in  April  and  $150  in  June  if  she 
sticks  to  her  word  and  stays  off  Facebook  for  the  next 
five  months.  Fie  even  has  access  to  her  password,  so 
that  he  can  kill  the  account  (hmmm,  maybe  Google 
will  pay  her  another  $200  to  join  Google+?). 


Big  Data  warning 

A  RECENT  push  in  the  IT  indus¬ 
try  to  collect  and  monetize  big 
data  is  headed  for  a  clash  with 
privacy  concerns  from  Internet 
users  and  potential  regula¬ 
tion  from  some  governments, 
according  to  tech  analyst  firm  ...  _ 

Ovum.  Internet  advertising 
networks  and  other  companies 
that  depend  on  the  collection 
of  personal  data  online  should 
prepare  for  a  "rebalancing”  of 
the  relationship  between  , ,  ili 

themselves  and  Web  users, 
with  Web  users  having 
more  control  of  their  data, 
said  Mark  Little,  principal 
analyst  at  the  U.K.  tech  and 
business  analysis  firm.  “More  and  more  consum¬ 
ers  are  deciding  to  effectively  become  invisible 
in  data  terms  on  the  Internet.  It  will  shake  the 
Internet  economy  as  more  and  more  users  decide 
they  don’t  want  to  be  tracked.” 


Juniper  router  trouble 


A  FLAW  has  cropped  up  in  Juniper’s  router  operat¬ 
ing  system  that  can  cause  the  systems  to  crash  and 
reboot.  Juniper  discovered  a  potential  TCP  vulnerabil¬ 
ity  that  affects  certain  releases  of  Junos  software 
during  "routine  internal  product  testing,"  the 
company  said.  A  Juniper  spokesperson  would 
not  make  an  advisory  on  it  available  to  Network 
World  for  publication.  But  a  report  in  Australia’s 
iTnews.com  states  that  by  sending  a  specially  crafted 
transmission  control  protocol  packet  to  a  listening 
port  on  a  Juniper  Routing  Engine,  an  exploiter  can 
make  the  kernel  in  Junos  crash,  and  cause  routers  to 
switch  over  or  reboot. 
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Cisco  vs.  Juniper: 

How  different  are  their 
SDN  strategies? 


BYJIM  DUFFY 


ON  THE  surface,  Cisco’s  and  Juniper’s  SDN 
strategies  seem  to  have  sharp  contrasts  if 
recent  announcements  are  any  indication. 
For  example: 

■  Juniper  places  much  more  emphasis  on 
the  software  angle  of  SDN,  even  ushering 
in  a  new  software  licensing  business 
model;  Cisco’s  attempts  to  make  hardware 
as  much,  and  perhaps  even  more,  relevant 
than  software. 

■  Cisco  is  attacking  five  markets  at  once  — 
data  center,  enterprise,  service  provider, 
cloud,  academia  —  with  its  strategy, 
while  Juniper  is  focusing  initially  on  data 
centers. 

■  Juniper  views  SDN  as  much  more  disrup¬ 
tive,  potentially  allowing  it  to  significantly 
increase  share;  Cisco  has  thus  far  made  no 
such  dramatic  market  impact  statements 
regarding  SDN. 

■  As  part  of  its  hardware  focus  on  SDN, 

Cisco  is  funding  a  separate  spin-in 
company  —  Insieme  Networks  —  which  is 
believed  to  be  building  big  programmable 
switches  and  controller(s);  Juniper  has  no 
such  hardware  investments,  but  did  buy 
Contrail  for  $176  million,  again  emphasiz¬ 
ing  the  software  aspect. 

■  Cisco  has  a  timeline  of  2013  deliverables; 
Juniper’s  timeline  pushes  a  controller  and 
SDN  service  “chaining”  capability  out 
into  2014,  and  the  new  software  business 
model  into  2015. 

Yet  analysts  say  the  strategies  are  really 
more  similar  than  different. 

“There  are  some  similarities,”  says  Brad 
Casemore  of  IDC.  “Both  Juniper  and  Cisco  are 
emphasizing  ASICs,  and  therefore  hardware, 
in  their  SDN  strategies.  Both  companies  also 
see  network  and  security  services  —  Layer 
4-7  —  as  virtualized  applications  in  a  pro¬ 
grammable  network.  They  each  have  control¬ 
lers,  but  they  also  will  promote  hybrid  control 
planes  —  decoupled  and  distributed.  Juniper 
is  positioning  for  a  software-licensing  busi¬ 
ness  model,  true,  but  it’s  relatively  early  along 
in  that  process.” 

“It’s  a  different  packaging  strategy  but  both 
seem  equally  focused  on  the  value  of  software 
in  SDN,”  says  Mike  Fratto  of  Current  Analy¬ 
sis.  “Key  points  being  modular,  flexible,  and 
exposing  APIs  for  integration.” 


Juniper  recently  divulged  its 
SDN  strategy  after  months  of 
silence  —  seven  months  after  Cisco  ONE  was 
announced.  Salient  points  of  Juniper’s  plan 
include  separating  networking  software 
into  four  planes  —  Management,  Services, 
Control  and  Forwarding  —  to  optimize  each 
plane  within  the  network;  creating  network 
and  security  service  virtual  machines  by 
extracting  service  software  from  hard¬ 
ware  and  housing  it  on  x86  servers;  using 
a  centralized  controller  that  enables  service 
chaining  in  software,  or  the  ability  to  connect 
services  across  devices  according  to  business 
need;  and  the  new  software-based  licensing 
model,  which  allows  the  transfer  of  software 
licenses  between  Juniper  devices  and  indus¬ 
try-standard  x86  servers,  and  is  designed  to 
allow  customers  to  scale  purchases  based  on 
actual  usage. 

Cisco’s  ONE,  or  Open  Networking  Envi¬ 
ronment,  strategy  includes  an  API  platform 
to  instill  programmability  into  its  three  core 
operating  systems:  IOS,  IOS  XR  and  NX-OS. 
It’s  focused  on  five  key  markets  and  also 
includes  new  programmable  ASICs,  like  the 
UADP  chip  unveiled  with  the  Catalyst  3850 
enterprise  switch,  and  a  software-based  con¬ 
troller  for  data  centers  that  runs  on  x86  serv¬ 
ers.  New  ASICs  are  also  expected  to  be  front- 
and-center  when  Insieme  Networks  unveils 
what’s  expected  to  be  a  high-performance 
programmable  switch  and  controller  line. 

Juniper’s  strategy  initially  targets  data  cen¬ 
ters,  and  its  new  software  licensing  model  is 
based  on  enterprise  practices.  The  company 
will  expand  it  into  its  traditional  carrier  and 
service  provider  customers  from  there. 

Among  the  first  markets  addressed  in  Cis¬ 
co’s  ONE  strategy  are  enterprise  customers, 
data  centers  and  cloud  providers. 

“Juniper  ultimately  sees  SDN  at  all  layers  of 
the  network,  spanning  not  only  the  data  center 
—  edge/access  and  core  —  but  also  the  WAN, 
campus  and  branch,”  says  IDC’s  Casemore. 

“Cisco  sees  data  center  and  cloud  as  near- 
term  markets,  and  its  positioning  to  play 
across  the  board  as  SDN  —  and  its  outcomes, 
network  virtualization  and  network  pro¬ 
grammability  —  extends  its  reach,”  Casemore 
says.  “Again,  there  are  many  similarities.” 

In  terms  of  market  disruption,  Current 
Analysis’  Fratto  says  both  companies  see 
SDN  as  perhaps  equally  disruptive  even 


Juniper’s  MX  series  routers 
will  be  among  the  first  of 
the  company's  hardware 
platforms  to  include  new 
ASICs  optimized  for  SDNs. 


though  one  has 
been  much  more 

vocal  about  that  impact  than  the  other. 

“The  two  companies  view  SDN  as  disrup¬ 
tive  but  they  are  approaching  it  very  differ¬ 
ently,”  he  says.  “Juniper  tends  to  be  more  con¬ 
servative  in  bringing  new  products  to  market, 
particularly  with  Junos.  They  have  a  quarterly 
software  update  cycle  and  they  march  to  that 
drum.  I  think  they  have  a  strong  preference 
for  stability  in  the  platform  and  based  on  their 
consistent  messaging  on  that  topic. 

“For  Cisco,  the  disruption  is  there  but  the 
recent  announcements  tell  a  lot  about  its 
direction  going  forward,”  Fratto  continues. 
“It  signals ...  wanting  to  be  vendor  and  proto¬ 
col  agnostic  versus  promoting  their  own  tech¬ 
nology  over  others.  The  ONE  controller,  for 
example,  is  modular  and  will  support  OnePK 
and  OpenFlow  out  of  the  gate,  but  there  is  no 
reason  other  than  development  that  it  can’t 
support  other  protocols.” 

Casemore  sees  both  companies  reacting  to 
SDN  developments,  rather  than  driving  them. 

“Neither  has  led  the  charge  toward  SDN. 
Both  are  measuring  their  responses,  trying  to 
find  a  balance  between  supporting  their  cus¬ 
tomers  today  while  preparing  for  potentially 
disruptive  shifts.” 

And  Casemore  sees  both  equally  empha¬ 
sizing  hardware,  despite  Juniper’s  software¬ 
intensive  strategy. 

“Juniper  has  a  lot  of  existing  hardware,  and 
hardware  customers,  that  it  will  attempt  to 
fold  info  its  SDN  strategy,”  he  says.  “We  will 
see  hardware  and  software  from  both  Cisco 
and  Juniper,  as  their  common  ASIC  strategies 
suggest.” 

Where  the  strategies  diverge  will  be  in 
partner  ecosystems  for  SDN-enabled  ser¬ 
vices,  Fratto  says. 

“In  both  cases,  they  will  need  to  attract 
partners  into  their  respective  ecosystems. 
The  market  for  services  has  a  ton  of  players  — 
think  [application  delivery  controllers],  fire¬ 
walls,  WAN  optimization.  For  those  services 
to  be  chained,  they  have  to  be  integrated  with 
Juniper’s  stuff.  Same  for  Cisco.  That’s  going  to 
be  the  attractor.”  ■ 
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Twice  the  virtualization. 

Lower  management  costs. 

None  of  the  compromises. 

You’ve  been  looking  for  IT  solutions  that  meet  the  increasingly  sophisticated  demands 
on  your  infrastructure.  IBM  Flex  System,™  featuring  Intel®  Xeon®  processors,  provides 
simplicity,  flexibility  and  control  in  a  system  that  doesn’t  require  compromise. 

It  supports  up  to  twice  the  number  of  virtual  machines  as  the  previous  generation  of 
blade  servers.1  And  IBM  Flex  System  Manager™  can  help  reduce  management  costs 
by  providing  visibility  and  control  of  all  physical  and  virtual  assets  from  a  single  vantage 
point.2 

You  can  select  individual  elements  and  integrate  them  yourself  or  with  the  support 
of  an  IBM  Business  Partner.  Or  you  can  choose  an  IBM  PureFlex™  System  and 
leverage  IBM’s  expert  integration  for  an  even  simpler  experience.  Learn  more  at 
ibm.com/systems/no_compromise 


Learn  why  Clabby  Analytics  says  IBM  Flex  System  is  the  best  blade  offering  in  the 
market.  Download  the  paper  at  ibm.com/systems/no_compromise 


1  Based  on  IBM  testing  and  documented  in  IBM  System  x®  Virtualization  Server  Consolidation  sizing  methodology.  IBM  Flex  System  x240  supports  2.7X  more  Peak  Utilization  Virtual  Machines  (V Ms)  than 
previous  generation  BladeCenter®  HS22V 

2  Based  on  IDC  white  paper  "The  Economics  of  Virtualization:  Moving  Toward  an  Application-Based  Cost  Model,”  Michelle  Bailey,  November  2009,  http://www.vmware.com/files/pdfA/irtualization-application- 
based-cost-model-WP-EN.pdf 

Optional  IBM  Flex  System  storage  node  available  fourth  quarter  2012. 

IBM,  the  IBM  logo,  System  x,  BladeCenter,  PureFlex  IBM  Flex  System  Manager  and  IBM  Flex  System  are  trademarks  or  registered  trademarks  of  International  Business  Machines  Corporation,  registered  in  many 
jurisdictions  worldwide.  Other  product  and  service  names  might  be  trademarks  of  IBM  or  other  companies.  For  a  current  list  of  IBM  trademarks,  see  www.ibm.com/legal/copytrade.shtml.  Intel,  the  Intel  logo, 
Xeon,  and  Xeon  Inside  are  trademarks  or  registered  trademarks  of  Intel  Corporation  in  the  U.S.  and/or  other  countries.  ©International  Business  Machines  Corporation  2012.  All  rights  reserved. 
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Tough  times  at  VMware 

VMware  is  laying  off  employees,  exiting  business  units, 
and  its  CTO  and  CEO  have  left.  Should  customers  worry? 


BY  BRANDO N  BUTLER 

IN  SOME  people’s  eyes,  VMware  has  had  a 
tough  past  couple  of  weeks. 

In  the  last  week  of  January,  the  company 
revealed  through  a  financial  filing  its  plans  to 
lay  off 900  employees  and  exit  some  business 
units.  The  same  day,  the  company’s  revenues 
missed  forecasts  pontificated  by  financial 
analysts,  causing  the  company’s  stock  to 
plummeted  22%.  To  top  it  all  off,  the  tech  com¬ 
pany’s  CTO  announced  he’s  leaving  VMware 
to  pursue  a  venture  capitalist  career,  less  than 
six  months  after  the  company  had  a  shakeup 
in  the  CEO  role. 

So,  what’s  going  on  with  VMware?  Once 
the  pre-eminent  hypervisor  company  in  an 
arena  it  practically  invented,  analysts  say 
a  series  of  moves  during  the  past  18  months 
have  reset  the  dynamics  of  the  market. 
VMware  —  which  storage  giant  EMC  owns  a 
majority  stake  of  —  still  holds  a  leading  posi¬ 
tion,  but  Microsoft’s  Hyper-V  hypervisor  is 
quickly  gaining  momentum. 

“There  really  isn’t  any  reason  to  fear  that 
something  drastic  is  going  to  happen  to 
VMware,”  says  Stuart  Miniman,  who  tracks 
the  virtualization  market  for  the  Wikibon 
Project.  “At  the  same  time,  it’s  not  a  bad  time  for 
customers  to  re-evaluate  their  choices,  given 
the  increasing  maturity  of  other  products  on 
the  market.  VSphere  is  still  a  solid  choice,  but 
there  are  other  options  to  consider,  and  some 
may  be  a  more  attractive  price-point.” 

If  Zeus  Kerravala,  an  independent  industry 
analyst  with  ZK  Research  and  a  Network  World 
blogger,  had  to  point  to  one  singular  event 
that  turned  the  hypervisor  market  into  being 
a  hyper-competitive  one,  it  was  what  he  and 
other  pundits  call  the  vTax  flop.  Two  years 
ago,  VMware  changed  the  pricing  model  for 
its  popular  vSphere  5  management  platform, 
charging  customers  based  on  the  amount  of 
virtual  memory  (vRAM)  the  system  man¬ 
ages,  instead  of  a  per-CPU  pricing. 

In  reality,  the  pricing  changes  resulted  in 
some  customers  saving  money  and  others 
paying  slightly  more,  but  a  small  yet  vocal 
tangent  of  customers  almost  immediately 
cried  foul,  leading  to  the  term  “vTax”  to  be 
dubbed.  A  year  later  at  VMworld  2012  the 
company’s  new  CEO  Pat  Gelsinger  reversed 
the  pricing  change  and  reverted  to  the  origi¬ 
nal  pricing  model.  But  the  damage  had  been 
done,  Kerravala  says,  and  the  situation 
“opened  the  door”  for  users  to  look  at  other 


hypervisors.  Microsoft  took  advantage. 

In  the  past  18  months  Microsoft  has  not 
only  been  improving  the  functionality  of 
its  VMware-competing  hypervisor,  but  it  is 
also  making  a  big  marketing  push  to  get  the 
software  into  enterprise  data  centers  where 
VMware  has  dominated.  The  third  genera¬ 
tion  of  Microsoft  Hyper-V  is  included  with  a 
Windows  Server  12  license,  and  the  company 
has  worked  to  beef  it  up.  Microsoft  doubled 
the  RAM  capacity  per  VM  to  1TB,  added  live 
migration  and  upped  the  ability  to  manage 
nodes  per  cluster  from  32  to  64.  “Hyper-V  is 
now  at  feature  parity  for  a  large  percentage  of 
enterprise  workloads,”  says  Forrester  virtu¬ 
alization  analyst  David  Bartoletti.  “It’s  defi¬ 
nitely  ‘good  enough’”  for  many  workloads. 

Kerravala’s  research  backs  this  up,  too. 
A  recent  survey  found  20%  of  respondents 
reporting  they  have  deployed  Microsoft 
Hyper-V  in  production  data  centers,  with 
another  20%  exploring  it.  The  most  surpris¬ 
ing  aspect  of  the  survey:  The  respondents 
were  all  VMware  users.  “Microsoft  is  having 
a  bigger  impact  than  a  lot  of  people  believe,” 
Kerravala  says. 

The  rise  and  maturation  of  Microsoft’s 
“good  enough”  Hyper-V  is  only  part  of  the 
new  dynamics  in  the  virtualization  market, 
though.  The  bigger  issue  is  that  hypervisors 
are  becoming  commoditized  and  VMware 
needs  to  look  beyond  just  hypervisors  for  its 
growth  moving  forward,  Bartoletti  says. 

Mergers  and  acquisitions  seem  to  be 
VMware’s  recent  method  of  choice  to  expand 
its  portfolio,  but  in  doing  so,  the  company 
has  created  new  tensions  with  some  of  its 
oldest  partners.  VMware’s  biggest  splash  in 
the  M&A  market  was  to  drop  $1.26  billion  to 
buy  Nicira,  the  virtual  networking  startup 
headed  by  the  creator  of  the  software-defined 
networking  (SDN)  protocol  OpenFlow.  While 
propelling  VMware  into  the  heart  of  the 
debate  about  next-generation  networking, 
the  acquisition  also  put  a  strain  on  VMware 
and  parent-company  EMC’s  relationship 
with  networking  giant  Cisco.  In  response, 
Cisco  has  hinted  at  moves  to  distance  itself 
from  EMC  and  VMware,  including  recently 
cozying  up  with  EMC  competitor  NetApp. 

The  M&A  strategy  could  be  related  to  the 
layoffs  VMware  has  recently  announced. 
While  company  officials  declined  to  provide 
additional  information  about  which  sections 
of  the  business  will  be  cut  back,  Kerravala  says 
it’s  only  natural  after  M&A  that  efficiencies  can 


424  Enterprise  (20+  employees) 
server  decision  makers  were 
asked  in  Q3,  2012: 

“Which  virtualization 
vendor  do  you  use?” 
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be  created  by  eliminating  duplicate  positions. 
Having  CTO  Steve  Herrod  leave  less  than  six 
months  after  his  former  boss,  Paul  Maritz,  left 
the  top  job  at  VMware,  means  a  fresh  shot  of 
new  ideas  for  the  company,  Kerravala  says. 

Customers  don’t  seem  to  be  hugely  wor¬ 
ried  or  swayed  by  the  recent  goings  with  the 
company.  In  fact,  Kerravala  says  all  in  all, 
increased  competition  between  VMware  and 
Microsoft,  as  well  as  Citrix  with  Xen  Server 
and  Red  Hat  with  the  Kernel-based  Virtual 
Machine  (KVM),  is  a  good  thing  for  custom¬ 
ers,  Kerravala  says. 

Chris  Harney  is  founder  and  president 
of  the  New  England  VMware  User  Group, 
which  recently  changed  its  name  to  the  Vir¬ 
tualization  Technology  User  Group  to  reflect 
the  rise  of  non-VMware  hypervisors  used  in 
the  market.  Harney  says  customers  are  choos¬ 
ing  their  virtualization  technology  based  on 
their  skill  sets,  pricing  and  availability. 

“If  you’re  really  good  with  Citrix,  then  Xen  is 
probably  a  good  away  to  go,”  he  says.  VMware 
has  the  advantage,  he  says,  because  the  com¬ 
pany’s  been  around  longer,  but  he  says  there’s 
a  “perfect  storm"  of  other  hypervisors  matur¬ 
ing,  like  Microsoft  Hyper-V,  while  customers 
are  looking  for  other  options  on  the  market. 
“I  don’t  sense  a  lot  of  concern  by  users  about 
problems  VMware  may  be  having,”  he  says. 
As  long  as  it  doesn’t  impact  the  product,  users 
likely  will  not  care.  “I  don’t  expect  to  see  people 
jumping  ship,  but  it  is  interesting  to  see  that 
there  are  other  viable  options  out  there  on  the 
market  now  for  virtualization.”  ■ 


10  FEBRUARY  ll,  2013  www.networkworld.com 


TREND  ANALYSIS 


First  look:  Microsoft’s  Surface  for  Windows  8  Pro 


BYTIM  GREENE 


LovePffij  hate 


Nothing  is  perfect,  including  Microsoft’s 
Surface  for  Windows  8  Pro  ultrabook, 
but  it  does  have  some  nice  features. 


hmmm 


SBp 
•  : 


1.  It  supports  the  full  version 
of  Windows  8  and  therefore 
any  applications  that  run 
on  Windows  7. 

2.  Has  enough  horsepower  to 
run  Windows  7  in  a  virtual 
machine  for  those  who 
hate  Windows  8. 

3.  It  can  join  business 
network  domains, 


mm 
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1.  You  can't  adjust  the  camera 
angle, 

2.  The  battery  life  is  poor.  Microsoft 
claims  4.5  to  5  hours,  but  it  can 
be  less  depending  on  workload. 

k  3.  You  get  signifi¬ 
cantly  less 
storage  than 


which  is  a  BYOD  plus. 


MICROSOFT’S  HOME-BUILT 

ultrabook  called  Surface  for  Win¬ 
dows  8  Pro  went  on  sale  last  week¬ 
end  and  may  be  the  Windows 
8  device  that  best  meets  a  wide 
range  of  corporate  needs  from 
tablet  to  desktop. 

The  device  is  built  around  an 
Intel  i5  processor  that  gives  it 
plenty  of  power  to  run  intensive 
CAD-CAM  applications,  but  it  also 
has  the  capability  and  portability 
to  perform  as  a  tablet  and  note¬ 
book.  At  2  pounds,  it’s  light  enough 
to  carry  around  all  day  for  workers 
whose  jobs  demand  mobility. 

Plus  the  device  runs  Windows 
8,  giving  it  the  inherent  security 
advantages  the  operating  system 
has  over  Windows  7.  And  for 
those  who  don’t  like  Windows  8, 
the  128GB  version  of  the  device 
has  enough  SSD  space  to  run 
Windows  7  in  its  own  partition. 

There  has  been  a  good  deal  of 
complaining  about  the  charac¬ 
terization  of  SSD  storage  capacity 
in  Surface  Pro.  The  models  come 
with  64GB  or  128GB  drives,  but 
significant  chunks  of  those  drives 
are  unavailable  as  user  space. 

Microsoft  says  only  23GB  is  avail¬ 
able  with  the  64GB  SSD  and  the 
128GB  version  has  only  83GB 
available.  (The  128GB  test  loaner  we  had  said 
84.5GB  was  available.) 

Microsoft  says  various  external  USB  drives, 
cloud  services  (including  Microsoft  SkyDrive 
that  comes  with  the  device)  and  use  of  the 
mieroSDXC  slot  all  represent  options  for 
expanding  storage  space  for  those  who  need  it. 

Battery  life  for  the  device  is  somewhere 
between  4.5  and  5  hours,  Microsoft  says,  but 
it  can  be  worse  depending  on  what  tasks  it’s 
performing.  That’s  less  than  desirable  for  busy 
road  warriors.  The  battery  can’t  be  popped  out 
and  replaced  with  one  that’s  freshly  charged  as 
is  the  case  with  most  laptops. 

The  keyboard  —  which  is  sold  separately 
—  can  be  flipped  under  or  removed  for  the 
device  to  be  used  as  a  tablet  or  notebook.  A 
stylus  using  Wacom  Passive  Pen  technology 
comes  standard  supporting  an  eraser  and 
right  mouse-click. 

The  keyboards’  performances  are  sig¬ 
nificantly  different.  Touch  has  a  flat  surface 
with  the  keyboard  image  embossed  on  it.  The 


“keys”  don’t  depress,  but  they  do  respond  to 
finger-tap  pressure.  The  Type  has  mechani¬ 
cal  keys  that  do  depress. 

The  best  trial  time  our  test  subject  turned 
in  during  a  typing  test  using  Type  keyboard 
was  97  words  per  minute  with  99.5%  accu¬ 
racy.  With  Touch  it  was  83  words  per  minute 
with  97.2%  accuracy.  (The  test  subject  says 
tactile  feedback  is  important  to  a  good  score, 
and  Touch  gives  less  than  Type.  Also  there’s 
a  tendency  initially  to  type  harder  with  Touch 
than  is  necessary,  which  reduces  speed.) 

The  keyboards  attach  to  the  computer  via 
magnetic  strips  strong  enough  to  dangle  the 
2-pound  tablet  from  the  keyboard  without  fear 
of  its  falling  off.  When  the  keyboard  is  folded 
under  to  use  the  device  as  a  tablet  or  notebook, 
a  switch  in  the  hinge  turns  off  keyboard  input 
so  it  doesn’t  fire  off  random  keystrokes. 

Surface  Pro  comes  in  two  models:  64GB 
SSD  for  $899;  128GB  SSD  for  $999.  That 
doesn’t  include  either  Touch  ($120)  or  Type 
($130),  so  the  unit  with  keyboard  could  cost 


as  much  as  $1,130. 

That’s  a  lot  of  money  for  a  tab¬ 
let,  but  if  it’s  for  a  worker  who 
uses  both  a  tablet  and  a  full  desk¬ 
top,  it  becomes  more  reasonable 
by  eliminating  the  need  for  two 
devices.  Plus  Surface  Pro  runs 
any  application  that  runs  on  Win¬ 
dows  7,  so  it  supports  whatever 
standard  corporate  application 
image  is  currently  in  use. 

Also  by  virtue  of  running 
Windows  8,  Surface  Pro  has  bet¬ 
ter  security  than  Windows  7  in  a 
range  of  areas,  including  secure 
boot  and  two  options  for  restor¬ 
ing  machines  to  earlier  versions  if 
they  get  corrupted. 

Windows  8  also  supports  Win¬ 
dows  To  Go,  a  full  manageable 
image  of  a  Windows  8  machine 
on  a  memory  stick  that  can  boot 
up  the  image  on  any  Windows  8 
or  Windows  7  host.  This  means 
workers  can  carry  their  desktop 
in  their  pocket  and  work  on  it 
using  borrowed  devices. 

Getting  back  to  Surface  Pro 
itself,  a  prop  that  Microsoft  calls 
a  kickstand  pops  out  the  back 
to  hold  the  screen  upright  when 
Surface  Pro  is  being  used  as  a  lap¬ 
top.  That  increases  the  tabletop 
footprint  of  the  device  from  10.81 
x  6.81  inches  to  10.81  x  10  inches. 
A  conventional  laptop  with  a 
screen  whose  hinges  hold  it  up  could  sit  in 
the  smaller  space. 

The  device  has  front-  and  rear-facing  720p 
cameras  for  still  and  video  photography  and 
to  support  video  calls  like  Skype.  Because  of 
the  fixed  angle  of  the  screen  where  the  front¬ 
facing  camera  is  positioned,  Microsoft  has 
angled  the  lens  to  properly  frame  the  user. 
But  depending  on  how  tall  the  user  is,  the 
height  of  the  chair  and  the  height  of  the  desk, 
the  user’s  image  can  be  cropped. 

The  1.7GHz  Intel  processor  generates  signif¬ 
icant  heat  so  Surface  Pro  is  equipped  with  two 
fans  that  are  vented  through  a  thin  slot  that 
runs  along  all  four  sides  of  the  edge.  Microsoft 
says  it  has  patented  fan  technology  that  taps 
into  the  device’s  accelerometer,  which  supplies 
information  about  what  angle  it’s  being  held  at 
and  automatically  optimizes  the  spinning  of 
the  fans  to  cool  most  effectively. 

The  fans  are  virtually  inaudible  in  an  office 
building  whose  H  VAC  system  is  running,  but 
they  can  be  heard.  ■ 
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REVIEW:  OFFICE  WEB  APRS  VS  GOOGLE  DOCS 


Office  Web  Apps  cuts  into  Google  Docs’  lead 


BY  MARIA  KOROLOV 

FOR  YEARS,  folks  looking  for  free  online 
word  processing,  spreadsheets,  and  presen¬ 
tations  have  turned  to  Google  Docs.  However, 
Microsoft  recently  released  an  updated  set  of 
Office  Web  Apps,  accessible  to  individual 
users  from  their  SkyDrive  accounts,  and 
to  business  users  through  Office  365  and 
SharePoint. 

The  Microsoft  apps  now  support  printing, 
touch-screen  tablets,  and  add  some  other 
previously  missing  features.  While  overall, 
Google  Apps  offers  more  functionality,  the 
Office  Web  Apps  is  starting  to  show  prom¬ 
ise,  especially  for  companies  committed  to 
the  Microsoft  ecosystem  because  Microsoft’s 
platform  makes  it  simple  to  open  documents 
in  the  full,  desktop-based  Office  software. 

However,  some  Office  Web  Apps  seems  to 
be  missing  key  components  required  for  basic 
usability.  The  Word  Web  App,  for  example,  is 
missing  the  autosave  function  and  the  Excel 
Web  App  doesn’t  allow  users  to  freeze  rows. 

Office  Web  Apps  are  not  the  same  as  Office 
on  Demand,  which  is  a  streaming  service  that 
offers  the  full-featured  Office  software  as  part 
of  an  Office  2013  subscription. 

Both  the  Microsoft  and  Google  platforms 
allow  the  upload,  import,  and  editing  of  Office 
documents,  creation  of  new  documents,  and 
saving  files  in  the  familiar  Office  formats.  Both 
offer  collaboration  tools  and  mobile  access. 

Here’s  a  feature-by-feature  comparison  of 
the  two  products. 

Price 

©  MIXED  BAG 

Microsoft’s  Office  Web  Apps  is  free  for  indi¬ 
vidual  users.  Businesses  can  sign  up  for 
Office  365  plans,  which  start  at  $6  per  user  per 
month  for  up  to  50  users,  and  include  online 
email  and  shared  calendars,  in  addition  to 
the  Office  Web  Apps.  However,  the  basic  plan 
does  not  include  live  support  —  for  that  you’d 
need  to  upgrade  to  the  $8  per  user  per  month 
plan,  which  also  comes  with  a  SharePoint 
intranet.  If  your  company  is  already  using 
SharePoint,  Web  Apps  require  the  purchase 
of  an  additional  license. 

The  basic  version  of  Google  Docs  used  to  be 
free  for  everyone,  including  business  users, 
but  Google  changed  its  pricing  structure  in 
December.  It’s  still  free  for  individual  users, 
and  existing  business  users  on  the  free  plan. 
But  new  business  users  will  need  to  pay  $50 
per  user  per  year,  or  $120  per  user  per  year 
with  advanced  security  and  e-discovery 
features. 


Office  Web  Apps 

■  Word,  Excel,  PowerPoint,  OneNote 

■  Integration  with  desktop-based 
Office  software 

ONLINE  COLLABORATION 

features:  In  progress 

mobile  support:  Varies 

■  Free  version  for  individuals  only 

Google  Docs 

■  Word  processing,  spreadsheet, 
presentations,  graphics 

■  Integration  with  Gmail,  other 
Google  Apps 

ONLINE  COLLABORATION 

FEATURES:  Robust 

mobile  support:  Varies 

■  Free  version  for  both  individuals 
and  pre-existing  business  users 


Storage 

ADVANTAGE  ©  Microsoft 
Microsoft’s  Office  Web  Apps  is  located  on  its 
SkyDrive  platform,  which  currently  comes 
with  7  free  gigabytes  of  storage,  plus  an  unlim¬ 
ited  amount  of  storage  for  the  associated  Hot¬ 
mail  or  Ou  tlook.com  email  account.  Each  addi¬ 
tional  100GB  of  storage  is  $50  per  year. 

Google  Docs  is  located  on  the  Google  Drive 
platform,  which  currently  comes  with  5  free 
gigabytes  of  storage  —  in  addition  to  the  10GB 
for  the  associated  Gmail  account  and  unlim¬ 
ited  storage  for  Google  Docs  and  shared  docu¬ 
ments.  Each  additional  100GB  of  storage  is 
$60  per  year. 

Both  SkyDrive  and  Google  Drive  come 
with  desktop  software  that  allows  users  to 
automatically  synchronize  folders. 

Sharing 

ADVANTAGE  ©  Google 

Both  Office  Web  Apps  and  Google  Docs  allow 
documents  to  be  embedded  in  webpages,  or 
shared  with  collaborators. 

But,  in  general,  Google  offers  a  more 
streamlined  and  complete  collaboration 
experience  for  online  users,  with  integrated 
chat  panes  and  real-time  updates  —  every 
user  of  a  document  sees  the  changes  that 
other  users  are  making,  as  they  are  made.  In 


addition,  Google  Docs  allows  any  document 
to  be  emailed  right  from  the  application,  in 
a  variety  of  formats,  including  the  standard 
Office  formats,  text  and  PDF. 

Office  Web  Apps  promises  better  integra¬ 
tion  with  desktop-based  Office  applications, 
but  the  tools  are  rudimentary,  cumbersome, 
and  inconsistent  across  the  apps. 

Word  processing 

ADVANTAGE  ©  Google 

With  the  Word  Web  App  —  as  with  the  other 
Office  Web  Apps  —  there’s  a  preview  mode, 
which  is  pretty  faithful  to  the  original  docu¬ 
ments.  And  then  there’s  the  edit  mode,  which 
shows  a  simplified  version  of  the  document. 
If  you  are  working  on  a  Word  document  that 
uses  features  that  the  Word  Web  App  doesn’t 
support,  those  features  will  still  be  there  in 
the  document  when  you  re-open  it  with  the 
full  app.  The  result  can  be  confusing,  because 
when  you’re  online  you’re  editing  a  docu¬ 
ment  that  will  look  different  when  printed  or 
downloaded. 

But  the  single  biggest  missing  feature  of  the 
Word  Web  App  is  autosave.  This  is  a  must- 
have  for  any  Web-based  app,  especially  if 
Internet  connectivity  is  intermittent. 

The  word  processor  in  Google  Docs  has 
been  around  the  longest,  has  more  formatting 
tools,  and  has  hundreds  of  fonts.  Plus,  what 
you  see  is  what  you  get:  you  can  save  the  docu¬ 
ment  in  multiple  formats,  and  they’ll  be  faith¬ 
ful  to  what  you’ve  got  on  the  screen. 

Spreadsheet 

©  MIXED  BAG 

Like  the  Word  Web  App,  the  Excel  Web  App 
has  the  ever-present  “ribbon”  interface  style. 

Unlike  the  Word  Web  App,  the  Excel  Web 
App  does  save  changes  automatically,  which 
is  great  news  for  folks  on  iffy  Internet  connec¬ 
tions,  and  for  people  collaborating  online. 

Both  the  Excel  Web  App  and  Google 
Docs’  spreadsheet  app  support  the  standard 
spreadsheet  functions,  including  creating 
charts.  Both  also  have  the  capability  to  create 
Web  surveys  —  called  forms  in  Google  Docs. 

The  Excel  Web  App  supports  more  Excel 
functions  than  Google  Docs  does,  so  complex 
spreadsheets  may  transfer  over  more  easily. 
However,  it  does  not  support  macros,  does  not 
allow  you  to  freeze  header  rows,  and  won’t 
let  you  email  a  copy  of  the  spreadsheet  as  an 
attachment  right  from  the  application. 

The  Google  version  supports  scripts, 
freezes  rows,  and  lets  users  email  a  copy  of 
the  spreadsheet  from  within  the  application 
in  Excel,  PDF  or  CSV  format. 
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The  inability  to  freeze  rows  and  better  col¬ 
laboration  gives  Google  Docs  the  edge  for 
Web-only  users,  but  better  integration  with 
Excel  gives  the  Microsoft  app  the  edge  for 
existing  Office  users. 

Presentations 

ADVANTAGE  ©  Microsoft 
The  PowerPoint  Web  App  offers  a  choice  of 
nine  starting  templates,  while  Google’s  pre¬ 
sentation  app  offers  20  -  but  the  PowerPoint 
templates  are  nicer  than  Google’s.  Both  have 
all  the  basic  editing  tools,  and  ability  to  share 
the  presentations  with  the  public  and  embed 
them  into  websites. 

Graphics 

ADVANTAGE  ©  Google 

Google  Docs  has  a  nice  application  for  col- 
laboratively  creating  simple  graphics  and 
charts  online.  There  is  no  equivalent  tool  in 
the  Office  Web  Apps. 

Mobile 

©  MIXED  BAG 


The  Google  Drive  mobile  allows  editing  of 
word  processing  documents  right  from  the 
app,  and  viewing  of  spreadsheets,  presenta¬ 
tions  and  graphics.  There’s  an  option  to  open 
the  files  in  other  applications  as  well. 

The  SkyDrive  mobile  app  shows  previews 
of  word  processing  documents,  spreadsheets, 
PDFs  and  presentations,  but  not  OneNote 
notebooks.  As  with  the  Google  Drive  app, 
there’s  an  option  to  open  the  files  in  other 
applications. 

Both  SkyDrive  and  Google  Drive  can  also 
be  accessed  from  a  mobile  browser  such  as 
Safari,  and  both  default  to  a  mobile-friendly 
interface.  Google  Docs,  however,  allows 
mobile-friendly  editing  of  spreadsheets  and 
word  processing  documents.  Google  also 
easily  switches  into  “desktop”  mode,  which 
allows  full  editing  of  graphics  files. 

SkyDrive  does  not  easily  switch  into  desk¬ 
top  mode,  and  defaults  back  to  view-only  mode 
for  individual  documents.  However,  there’s  an 
excellent  —  and  free  —  standalone  OneNote 
app  for  the  iPhone  and  Android  platforms  as 
well  as  for  the  Windows  RT  tablet. 


Microsoft  says  all  the  Office  Web  Apps 
documents  are  fully  editable  on  iOS  and  Win¬ 
dows  tablets,  and  are  optimized  for  the  touch 
interface. 

The  tablet  version  of  the  Google  Drive 
app  doesn’t  have  a  lot  of  functionality,  but 
Google  Docs  can  be  easily  accessed  and  edited 
through  a  tablet’s  browser. 

Bottom  Line 

For  existing  Google  Docs  users,  there’s  noth¬ 
ing  —  yet  —  in  Office  Web  Apps  that  should 
make  them  rush  to  switch  over.  Individuals 
and  companies  committed  to  Office,  Share- 
Point  or  Office  36S  should  keep  an  eye  on  the 
Office  Web  Apps,  but  wait  before  committing 
any  money  to  the  platform. 

Microsoft  needs  to  demonstrate  that  it 
is  serious  about  the  Web  apps,  filling  in  the 
missing  functionality,  and  improving  collab¬ 
oration  and  mobile  support  —  even  if  it  cuts 
into  its  existing  Office  user  base.  ■ 

Korolov  is  a  freelance  writer.  She  can  be 
reached  at  maria@tromblyinternational.com. 


NETINSIDER  BY  SCOTT  BRADNER  fll!S!l!l!illlil!iilllilllilliil!ll!llillllillliill 

Waiting  on  Obama’s  online  privacy  effort 


IT  HAS  now  been  just  about  a  year  since  the 
Obama  administration  put  forth  its  online 
privacy  blueprint.  In  spite  of  a  title  on  the 
announcement  that  insisted  “We  Can’t  Wait,”  not  much  has  happened 
since  the  blueprint  was  published.  Meanwhile,  things  are  heating  up 
on  the  online  privacy  front  in  Europe,  and  the  contrast  between  the 
United  States  and  European  viewpoints  is  and  is  not  stark. 

The  Obama  administration  blueprint  starts  off  with  the  clearly  non¬ 
sensical  statement  that  “The  consumer  data  privacy  framework  in  the 
United  States  is,  in  fact,  strong.”  There  is  nothing  that  could  remotely 
be  called  a  “consumer  data  privacy  framework”  in  the  U.S.  Every  com¬ 
pany  that  collects  information  about  you  and  me  is  free  to  do  whatever 
it  wants  with  that  data,  except  for  some  narrow  exceptions  around 
medical  records  and  quirky  things  like  videotape  rental  records,  and 
there  is  an  attempt  to  dilute  even  that  exception.  There  is  nothing  in 
the  U.S.  that  says  you,  as  the  person  some  data  is  about,  has  any  right  to 
know  that  the  data  exists  or  what  it  will  be  used  for  (never  mind  having 
any  say  in  how  it  can  be  used). 

The  European  Union  (EU)  rules  are  a  lot  stronger  and  may  be  getting 
stronger  still,  and  many  in  the  U.S.  are  not  happy  about  the  prospect. 

The  broad  picture  that  the  Obama  blueprint  paints  is  not  all  that  dif¬ 
ferent  from  a  surface  reading  of  the  EU  rules.  The  Obama  blueprint’s 
six  consumer  rights  (individual  control,  transparency,  respect  for  con¬ 
text,  access  and  accuracy,  focused  collection  and  accountability)  sound 
quite  like  the  EU’s  seven  principles  (notice,  purpose,  consent,  security, 
disclosure,  access  and  accountability). 

One  basic  difference  is  in  the  definition  of  “accountability.”  In  both 


the  U.S.  and  the  EU  a  data  holder  is  supposed  to  be  accountable  for 
abiding  by  the  principles  of  consumer  rights.  In  the  EU,  governmental 
authorities  have  big  sticks  they  can  use  to  punish  data  holders  who  do 
not  do  their  part  —  up  to  2%  of  a  company’s  annual  revenue. 

In  the  U.S.  there  is  far  less  of  a  governmental  role.  The  Obama  blue¬ 
print  proposes  to  strengthen  the  role  of  the  Federal  Trade  Commission 
(FTC)  in  enforcement,  but  historically  the  FTC  has  been  more  of  a  kit¬ 
ten  than  a  tiger  when  it  comes  to  enforcement.  Most  of  the  time  the  FTC 
gets  a  company  to  agree  to  not  be  bad  again  and  to  pay  a  fine  that  repre¬ 
sents  a  small  percentage  of  the  extra  money  the  company  made  from 
the  violation.  The  Obama  blueprint  wants  “a  sustained  commitment  of 
all  stakeholders  to  address  consumer  data  privacy  issues  as  they  arise 
from  advances  in  technologies  and  business  models.”  “Commitment” 
is  all  well  and  good,  but  a  few  big  sticks  might  meaningfully  increase 
the  level  of  commitment. 

Having  said  all  that,  some  movement  toward  the  Obama  blueprint 
would  be  nice.  I  can  understand  why  there  was  not  much  movement  in 
an  election  year  but,  it  is  time  to  move.  Some  progress  here  might  avert 
the  worst  of  the  trade  war  with  the  EU  predicted  by  one  U.S.  official.  It 
might  also  be  good  for  you  and  me,  whose  data  is  cached  in  places  we 
have  no  idea  even  exist. 

Disclaimer:  Harvard,  I  assume,  obeys  EU  rules  when  in  the  EU 
but  has  expressed  no  opinion  on  either  the  Obama  blueprint  or  the 
updated  EU  rules.  So  the  above  is  my  desire  for  a  tiny  bit  of  privacy.  ■ 

Bradner  is  a  senior  technology  consultant  at  Harvard  University.  He 
can  be  reached  at  sob@sobco.com. 
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CLEAR  CHOICE  TEST:  OPEN  SOURCE  STORAGE 


FreeNAS:  Flexible  and  fast  storage 


BY  DAVID  NEWMAN 

t  takes  something  different  to  stand 
out  in  the  crowded  network- attached 
storage  market.  How  does  free,  as  in 
free  beer  and  free  speech,  sound? 
That’s  the  premise  behind  FreeNAS, 
the  open-source  storage  software  that  sup¬ 
ports  every  major  file-sharing  protocol  out 
there.  FreeNAS  can  look  like  a  Windows 
server  or  an  iSCSI  target,  among  other  server 
types.  It’s  managed  by  a  Web  interface  that’s 
more  intuitive  than  some  commercial  storage 
appliances  we’ve  used.  And  FreeNAS  offers 
the  innovative  ZFS  file  system,  with  built-in 
integrity  checks,  flexible  and  virtually  unlim¬ 
ited  scalability,  and  good  performance. 

In  this  Clear  Choice  test,  we  evaluated 
FreeNAS  on  an  iX-2212  server  supplied  by 
server  vendor  iXsystems,  a  major  supporter 
of  the  FreeNAS  project.  While  iXsystems  sells 
commercially  supported  TrueNAS  systems 
built  on  FreeNAS,  the  company  made  clear 
that  the  software  package  is  free,  and  can  be 
installed  on  any  PC  hardware,  32-  or  64-bit. 

Installation  is  fast  and  straightforward. 
Once  the  system  is  set  up,  it’s  managed  by 
either  a  well-designed  Web  interface  or  the 
command-line  interface  (CLI).  Even  allow¬ 
ing  for  our  strong  CLI  bias,  we  could  achieve 
virtually  every  task  from  the  Web  UI  as  well, 
right  down  to  setting  low-level  parameters 
in  the  FreeBSD  operating  system  on  which 
FreeNAS  is  based.  (For  those  new  to  FreeBSD, 
the  default  parameters  worked  fine  in  our 
testing;  there’s  no  need  to  change  OS  param¬ 
eters,  or  know  anything  about  FreeBSD,  for 
that  matter.) 

FreeNAS  supports  multiple  file-sharing 
protocols,  including  CIFS,  NFS  and  iSCSI, 
making  it  suitable  as  a  file-sharing  device 
for  Windows,  Mac  and  Unix/Linux  clients. 
And  iSCSI  support  makes  FreeNAS  a  good 
choice  for  shared  storage  of  virtual  machines. 
FreeNAS  also  can  act  as  an  FTP  and  TFTP 
server,  and  it  supports  rsync  for  backup  to 
and  from  the  appliance.  And  it  can  be  config¬ 
ured  as  a  backup  server  for  Windows  Shadow 
Copy  and  Apple  Time  Machine. 

Thanks  to  its  ZFS  support,  FreeNAS  per¬ 
forms  “snapshots”  of  its  file  systems  for  local 
and  remote  backups,  similar  to  Windows 
restore  points.  FreeNAS  can  send  snapshots 
incrementally,  1‘educing  backup  sizes.  Even  if 
all  the  redundancy  features  in  a  FreeNAS  sys¬ 
tem  were  to  fail,  the  data  would  still  be  recov¬ 
erable  by  restoring  a  backed-up  snapshot  to 
a  new  system. 

A  FreeNAS  appliance  can  act  as  an 
iTunes  streaming  media  server,  a  universal 
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plug-and-play  (uPNP)  server  or  a  Web  server, 
all  using  available  plug-ins.  The  plug-ins  use 
FreeBSD’s  virtual  “jails,”  which  means  a 
problem  with  one  plug-in  won’t  affect  any¬ 
thing  in  the  rest  of  the  system. 

Introducing  ZFS 

Perhaps  the  best  single  feature  in  FreeNAS 
is  its  optional  use  of  the  zettabyte  file  sys¬ 
tem  (ZFS),  first  developed  by  Sun  and  now 
actively  maintained  as  a  FreeBSD  project. 

A  ZFS  system  can  hold  a  16-exabyte  file 
(about  18  million  terabytes)  or  200  million 
files.  Even  in  a  big  data  world,  capacity  isn’t 
going  to  be  a  problem  with  ZFS. 

ZFS  is  a  speedy  performer,  as  we’ll  show 
with  test  results,  but  it’s  also  extremely  flex¬ 
ible  and  easy  to  manage.  It  supports  up  to  18.4 
quintillion  snapshots  for  a  virtually  unlim¬ 
ited  amount  of  rolling  backward  and  forward. 

Data  integrity  is  a  ZFS  hallmark.  Instead  of 
relying  on  the  underlying  hardware  to  detect 
errors,  every  block  in  a  ZFS  system  uses  a 
256-bit  checksum  to  validate  data.  In  a  redun¬ 
dant  system  using  mirroring  or  RAID,  ZFS 
automatically  reconstructs  any  corrupted 
blocks  without  user  intervention.  Because 
ZFS  continually  validates  data  integrity  on 
disk,  a  FreeNAS  appliance  can  survive  loss  of 
power  without  the  need  to  run  the  Unix  fsck 
command  on  each  volume  afterward. 

And  ZFS  is  really  a  RAID  controller, 
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Product 

FreeNAS 

Price 

Free  for  software;  $7,800 
for  iX-2212  appliance 
supplied  by  iXsystems 

URL 

freenas.org 

Pros 

No-cost  software; 
easy  to  manage;  good 
performance;  ZFS 
offers  unparalleled  data 
integrity  and  flexibility 

Cons 

ZFS  does  best  with 
lots  of  RAM 

volume  manager  and  file  system  rolled  into 
one.  There’s  no  need  for  separate  manage¬ 
ment  tools  for  each,  as  in  many  other  enter¬ 
prise  storage  products. 

On  the  RAID  front,  FreeNAS  offers  lots 
of  choices  for  how  volumes  are  assembled. 
In  addition  to  many  RAID  choices  (RAID  0, 
1, 5,  6, 10, 50  and  60),  ZFS  has  two  of  its  own 
methods  called  raidzl  and  raidz2.  The  raidzl 
option  is  similar  to  RAID  5,  except  that  it  can 
tolerate  the  loss  of  multiple  disks,  thus  fixing 
RAID  5’s  “write  hole”  problem.  The  raidz2 
option  is  similar  to  RAID  6,  offering  double 
parity  checking,  and  like  raidzl  it  too  can 
handle  the  loss  of  multiple  disks. 

Unlike  conventional  volume  managers  and 
file  systems,  ZFS  doesn’t  use  fixed-size  parti¬ 
tions  or  volumes.  If  current  volumes  don’t 
offer  enough  capacity,  ZFS  makes  it  easy  to 
add  more  —  to  a  live  production  system,  with 
zero  downtime.  During  testing,  we  expanded 
a  ZFS  storage  pool  using  one  command,  with 
no  need  to  take  devices  or  file  systems  offline. 
This  expandability  even  extends  to  adding 
different-size  disks  into  a  storage  pool  (though 
the  usual  size  rules  with  RAID  still  apply). 

ZFS  also  offers  optional  compression  of 
selected  storage  pools.  This  can  improve  per¬ 
formance,  since  the  time  taken  to  compress  a 
pool  is  faster  than  the  time  to  read  and  write 
uncompressed  data  to  disk.  Compression  is 
a  natural  fit  for  storage  pools  with  lots  of  text 
files,  such  as  logs. 

The  drawbacks  with  using  ZFS  are  minor, 
and  might  not  even  be  considered  draw¬ 
backs  in  many  cases.  First,  because  ZFS  owes 
much  of  its  performance  to  caching,  it’s  best 
installed  on  servers  with  lots  of  RAM.  While 
6GB  will  suffice  in  theory,  in  practice  ZFS  sys¬ 
tems  should  have  more  —  lots  more.  The  sys¬ 
tem  iXsystems  supplied  had  48GB  of  RAM, 
though  we’ve  also  run  FreeNAS  in  systems 
with  16GB  and  24GB  of  RAM  with  good 
results.  In  general,  though,  the  more  ZFS  can 
cache,  the  faster  its  I/O  performance. 

If  available  RAM  is  really  an  issue, 
FreeNAS  also  can  be  installed  using  Free¬ 
BSD’s  regular  UFS  file  system  with  as  little 
as  2GB  of  RAM. 

Second,  due  to  licensing  issues,  ZFS  runs 
mainly  on  BSD  systems,  though  there  is  a 
Linux  port  available  (of  ZFS  only,  not  the  entire 
FreeNAS  system).  The  choice  of  operating 
system  is  a  nonissue  with  FreeNAS,  which  is 
a  turnkey  distribution  built  on  FreeBSD.  Even 
users  unfamiliar  with  FreeBSD  should  be  fine 
with  FreeNAS,  since  it’s  managed  through  an 
intuitive  and  powerful  Web  interface. 

Licensing  is  really  only  an  issue  for  devel¬ 
opers.  ZFS’s  Common  Development  and 
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FreeNAS  performance 

FreeNAS  is  fast,  especially  with  sequential  reads  and  re-reads. 

NFS  I/O  performance  (MBps) 
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Distribution  License  (CDDL)  license  allows 
free  re-use  of  source  code  (incl  uding  the  right 
to  convert  to  closed-source  code),  while  the 
GNU  2.0  and  3.0  licenses  in  the  Linux  world 
require  changes  to  be  committed  back  into 
open-source  distributions. 

FreeNAS  performance 

Storage  performance  benchmarking  is  a 
complex  topic,  with  many  variables  involved. 
To  determine  how  FreeNAS  would  handle 
the  most  common  types  of  operations,  we  set 
up  a  10-gigabit  test  bed  and  used  the  open- 
source  iozone  benchmarking  tool. 

The  key  variables  in  I/O  performance 
involve  the  kinds  of  operations  a  storage 
device  will  handle.  Devices  may  move  data 
in  small  or  large  blocks  —  think  of  a  data¬ 
base  handling  small  transactions,  versus  a 
file  manager  moving  large  virtual  machine 
images  around.  The  type  of  operation  also 
is  important;  writing  to  a  disk  tends  to  take 
longer  than  reading  from  it.  Due  to  caching, 
an  initial  read  or  write  operation  probably 
will  take  longer  than  a  re-read  or  re-write. 
And  operations  that  use  sequential  blocks 
on  a  disk  will  outperform  random  reads  and 
writes,  since  in  the  latter  case,  the  disk  head 
moves  around  a  lot. 

We  configured  the  IOzone  tool  to  measure 
I/O  performance  for  six  test  cases,  each  with 
the  FreeNAS  appliance  acting  as  a  Network 
File  System  (NFS)  server  for  two  NFS  cli¬ 
ents,  also  equipped  with  10-gigabit  Ethernet 
adapters.  We  ran  all  six  sets  of  tests  twice, 
using  small  and  large  record  sizes. 

One  thing  we  did  not  do  was  allow  FreeNAS 
to  use  all  48GB  of  the  RAM  in  the  server  sup¬ 
plied  by  iXsystems.  Like  any  modern  operat¬ 
ing  system,  FreeBSD  puts  as  much  data  as 
possible  into  RAM  before  having  to  swap  out 
to  disk.  Serving  data  from  RAM  means  much 
higher  performance  for  relatively  small  reads 
and  writes,  but  it’s  not  representative  of  the 
performance  users  would  see  in  production. 
This  is  especially  true  when  many  users  are 
involved;  then,  reading  and  writing  from  disk 
becomes  inevitable. 

To  ensure  a  balance  of  disk  I/O  and  cach¬ 
ing  performance,  we  configured  the  FreeNAS 
server  to  use  only  6GB  of  RAM,  the  minimum 
supported  with  ZFS,  and  then  we  read  or 
wrote  64GB  in  each  test  —  well  in  excess  of 
the  available  RAM.  We  also  configured  both 
NFS  client  machines  to  use  6GB  of  RAM,  even 
though  both  had  16GB  available. 

Test  results 

FreeNAS  performance  is  fast,  especially 
with  sequential  reads  and  re-reads  (see  the 
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figure  above).  Storage  performance  tests  usu¬ 
ally  measure  I/O  in  bytes  per  second;  when 
expressed  in  bits,  FreeNAS  read  and  re-read 
data  at  rates  at  or  above  6Gbps. 

That  6Gbps  top  speed  also  includes  several 
other  factors:  The  6Gbps  speed  limit  of  SATA 
3  disks;  the  overhead  added  by  the  NFS  proto¬ 
col;  the  contention  among  multiple  TCP  flows 
(there  were  16  threads  active  during  these 
tests);  and  the  amount  of  disk  I/O  relative  to 
data  read  from  RAM.  The  top  speeds  achieved 
here  are  about  as  fast  as  the  hardware  could 
possibly  go  under  these  test  conditions. 

Write  and  re-write  performance  was 
slower  than  reads,  as  usual  in  I/O  bench¬ 
marking.  With  sequential  rewrites,  FreeNAS 
moved  traffic  at  rates  of  around  280MBps. 
Curiously,  sequential  rewrites  went  twice  as 
fast  with  4KB  records  than  with  64KB  ones. 
The  most  likely  explanation  is  that  the  time 
involved  in  writing  the  larger  amount  of  data 
to  disk  favored  the  smaller  record  size. 

Sequential  write  and  read  tests  are 
meaningful  when  writing  or  reading  large 
amounts  of  data  on  a  relatively  empty  disk. 
Once  the  disk  fills  up,  or  if  the  application 
involves  reading  from  different  parts  of  a 
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database,  then  random  read  and  write  tests 
become  more  important. 

Results  are  much  slower  for  random  read 
and  write  tests.  That’s  not  surprising  consider¬ 
ing  that  disk  heads  move  around  a  lot  more  in  a 
random  test  than  they  would  with  sequential 
operations.  Here,  the  larger  64KB  records  help, 
since  there’s  more  time  spent  writing  or  read¬ 
ing  relative  to  disk  seek  time.  Still,  both  4KB 
and  64KB  read  and  write  times  are  just  a  frac¬ 
tion  of  the  sequential  times. 

In  the  worst  case,  writes  of  4KB  records 
are  just  3MBps,  compared  with  276MBps 
with  sequential  writes.  In  fairness,  though, 
any  storage  systems  would  do  far  worse  in 
random  tests  than  in  sequential  ones.  These 
results  aren’t  a  reflection  on  FreeNAS  or  ZFS. 

Overall,  FreeNAS  offers  a  very  positive 
story,  with  flexibility,  ease  of  management, 
good  performance  —  and  a  price  that  can’t 
be  beat.  ■ 

Newman  is  a  member  of  the  Network  World 
Lab  Alliance  and  president  of  Network  Test, 
an  independent  test  lab  and  engineering 
services  consultancy.  He  can  be  reached  at 
dnewman@networktest.com. 
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Remembering  Lotus  as  IBM  kills  off  name 


BY  JULIE  SARTAIN 

THIRTY-ONE  YEARS  ago,  Massachusetts- 
based  software  developers  Mitch  Kapor  and 
Jonathan  Sachs  created  a  program  —  an  elec¬ 
tronic  spreadsheet  —  that  would  change  the 
world.  A  year  later,  on  Jan.  26, 1983,  Lotus 
Development  Corp.  released  Lotus  1-2-3  for 
the  IBM  PC  and  grossed  $53  million  in  sales. 
The  following  year,  sales  tripled  to  more  than 
$150  million. 

IBM  bought  Lotus  in  1995  and  kept  the 
Notes  product  line  alive.  IBM  announced 
this  past  December  that  the  newest  release  of 
Notes/Domino  would  drop  the  Lotus  name. 
And  the  annual  Lotusphere  conference  was 
conducted  last  week  under  the  name  Con¬ 
nect  2013. 

Many  other  Lotus  products  have  come  and 
gone  through  the  years  including  Symphony, 
SmartSuite  and  Lotus  Works.  But  the  great¬ 
est  and  most  successful  product  was  Lotus 


an  agreement  from  1984  until  Lotus  acquired 
Iris  in  1994.  Iris  was  responsible  for  all  prod¬ 
uct  development,  and  Lotus  was  responsible 
for  everything  else  (marketing,  sales,  distri¬ 
bution,  support). 

According  to  Ozzie,  the  Lotus  brand  was, 
initially,  all  about  desktop  computing;  it 
was  about  tools  for  personal  empowerment 
and  personal  computing.  With  the  advent  of 
Notes,  the  Lotus  brand  grew  to  be  inclusive 
of  tools  for  interpersonal  empowerment  and 
collaborative  work  —  things  that  today  are 
regarded  as  “tools  for  social  productivity.” 

“The  post-PC  world  of  today  makes  the 
‘desktop’  attributes  of  the  original  Lotus  brand 
far  less  relevant  to  today’s  offerings  and,  in 
that  respect,  it  may  have  been  a  hindrance  to 
IBM.  Furthermore,  IBM  has  itself  evolved 
and  expanded  over  the  years  from  being  a 
‘tools  and  technologies’  company  to  being  a 
‘solutions’  company.  And,  over  that  period  — 
driven,  in  large  part,  by  the  Internet  —  social 


to  provide  these  features,”  Halvorsen  says. 
“Ray  and  I  worked  on  the  low-level  coding 
framework,  as  well  as  developing  the  Notes 
database  (a.k.a.  ‘NSF’)  implementation  and  the 
word  processing  component.  I  also  acted  as  the 
overall  development  project  leader  coordinat¬ 
ing  the  work  lists  and  tracking  development 
schedules,  plus  coordinated  the  work  of  creat¬ 
ing  intermediate  beta  versions  of  the  code  for 
testing.” 

Kapor  had  previously  developed  two  busi¬ 
ness  programs  for  VisiCorp:  VisiTrend  (a 
statistics  program)  and  VisiPlot  (a  program 
that  generated  business  charts)  before  taking 
on  Lotus.  He  made  $500,000  on  the  spread¬ 
sheet  version,  VisiCalc,  before  VisiCorp 
bought  him  out  for  $1.7  million.  But  Kapor 
wanted  more  —  he  wanted  a  spreadsheet 
that  would  translate  digits  into  graphs  and 
calculate  numbers  at  lightning  speed,  so  he 
partnered  with  Sachs  to  develop  Lotus  1-2-3. 

Kapor  raised  $5  million  (from  investors) 
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Notes  (a.k.a.  Domino/Notes),  a  new  type 
of  software  program  labeled  “groupware,” 
which  was  designed  for  several  computer 
users  to  collaborate  on  projects  from  long¬ 
distance  locations  via  a  network. 

Notes  was  founded  and  developed  in  1984 
by  Ray  Ozzie,  Tim  Halvorsen  and  Len  Kawell, 
with  Steven  Beckhardt  soon  to  follow.  The 
product  did  not  launch  until  five  years  later.  It 
wasn’t  until  Sheldon  Laube,  CIO  of  Pricewater- 
houseCoopers  (PwC),  contracted  for  10,000 
copies  of  Notes  the  day  before  it  launched  that 
the  world  came  to  really  know  Lotus. 

Today,  the  loss  of  the  name  doesn’t  sadden 
the  Lotus  founders,  but  does  provide  fond 
memories  of  what  life  was  like  in  the  group¬ 
ware’s  beginning. 

Ozzie  founded  Iris  Associates  in  Decem¬ 
ber  1984  to  create  Notes.  Iris  and  Lotus  had 


technologies  have  been  woven  into  most  every 
solution  that  they  build,”  Ozzie  says. 

Iris  Associates  co-founder  Halvorsen 
recalls,  “We  were  all  friends  from  our  college 
days,  having  all  worked  on  the  development 
team  of  a  computer  system  at  the  University 
of  Illinois  called  PLATO,  a  computer-based 
learning  system.  The  PLATO  system  had 
a  number  of  features  that  allowed  people  to 
interact;  e.g.,  electronic  mail,  real-time  chat¬ 
ting  and  group  discussions.” 

According  to  Halvorsen,  the  trio  decided 
to  use  their  experience  to  create  ways  for  the 
new  personal  computers  to  easily  commu¬ 
nicate,  which  would  then  allow  the  users  to 
easily  and  effectively  communicate  and  col¬ 
laborate  with  each  other. 

“We  started  out  immediately  designing 
and  writing  the  first  version  of  Lotus  Notes 


and,  in  January  1983,  Lotus  1-2-3  became  the 
No.  1  software  program  on  the  planet,  sell¬ 
ing  close  to  110,000  copies  in  nine  months 
at  $495  per  unit.  By  December  1983,  Lotus 
was  the  second-largest  software  company 
in  the  world  (behind  Microsoft)  with  sales  of 
$53  million  (which  tripled)  and  a  staff  of  250 
(which  doubled)  by  1984. 

Sachs  spent  10  months  writing  Lotus  1-2-3 
in  Assembly  for  the  IBM  personal  computer. 
The  program  was  almost  completely  bug- 
free,  lightning  fast  and  extremely  efficient. 
Lotus  introduced  the  on-screen  hierarchical 
letter  menus  (accessed  by  typing  the  slash 
key  prior  to  executing  the  commands);  for 
example,  keystrokes  slash  key,  letter  F,  let¬ 
ter  S  means  “File  Save.”  This  user  access 
design  is  still  used  in  most  Windows  applica¬ 
tions.  Later  versions  of  1-2-3  were  written  in 
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C,  partially  to  accommodate  the  programs’ 
growth  and  complexity  and  partially  to  make 
it  easier  for  integration  with  other  programs. 

Kawell  was  the  third  co-founder,  co¬ 
designer  and  co-developer  of  the  Lotus  Notes 
project,  and  vice  president  of  Iris  Associates 
from  1985  to  1998.  He  was  responsible  for  the 
ongoing  development  of  the  Lotus  Notes  Mail 
client  and  the  server  software.  In  addition,  he 
developed  and  co-designed  the  Internet  and 
TCP/IP-based  protocols  for  the  integration  of 
the  Notes  and  Domino  products. 

“I  was  primarily  responsible  for  creating 
the  Notes  user  interface,  mail  and  security 
features,”  Kawell  says.  “And  later,  I  led  the 
teams  that  continued  the  development  of 
the  entire  Notes  client.  I  also  engineered  and 
managed  the  transition  of  the  Notes  client  to 
supporting  Internet  and  Web  features  in  the 
early  ’90s.  For  13  years,  I  co-managed  and 
grew  the  development  team  from  our  original 
team  of  three  people  to  over  300  developers.” 


units  the  day  before  the  official  release.  Later, 
Bill  Eisner  ordered  10,000  copies  for  the  CIA. 

Many  Lotus  players  (including  Kapor, 
Ozzie,  Moore  and  Halvorsen)  have  com¬ 
mented,  in  published  interviews,  that  from 
an  overall  Lotus  growth  perspective,  espe¬ 
cially  as  a  public  company,  the  most  notable 
leader  was  Jim  Manzi.  Manzi  was  president  of 
Lotus  from  October  1984  to  1995, 
and  CEO  from  April  1986  until 
IBM’s  hostile  takeover  in  1995. 

During  Manzi’s  tenure,  Lotus 
1-2-3  sold  750,000  copies  in  1986 
(three  times  its  nearest  competi¬ 
tor,  Microsoft’s  Multiplan).  At  one 
point,  Lotus  sales  represented 
17.6%  of  all  software  sales  in  the 
business  world. 

Louis  V.  Gerstner  Jr.  is  another 
leader  in  the  Lotus/IBM  story 
who  has  garnered  much  noto¬ 
riety  and  respect  from  his  col- 


channel,  which  had  more  than  6,000  resell¬ 
ers  of  Notes  during  its  high  point.  In  addition, 
from  1992  to  1995,  Moore  managed  the  IBM/ 
Lotus  relationship  through  its  acquisition. 

Alan  Lepofsky  worked  for  IBM/Lotus 
from  1993  to  2007.  He  helped  run  the  Notes/ 
Domino  customer  council,  was  part  of  the 
product  marketing  team,  worked  with  the 
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MITCH  KAPOR:  www.kaporcapital.com, www.LPFI.org  and  www.mkf.org,  in  addition  to  his  main  website  at  www.kapor.com.  He's  a  partner  at 
Kapor  Capital.  JONATHAN  SACHS:  owns  a  photo  editing  software  program  called  Digital  Light  &  Color.  RAY  OZZIE:  founder  and  CEO  of 
Talko,  a  startup  that  concentrates  on  a  new  class  of  mobile-centric  software  and  services.  Tim  Haivorseu;  has  been  involved  at  the  board  level 

with  various  startups  and  worked  as  a  part-time  software  consultant.  He  recently  joined  a  new  startup  called  Clear  Ballot  Group  as  CTO  and  the 

iesig  STEVE  BECKHARDT:  works  in  the  software  development  team  at  Sonos.  JIM  MANZI:  chairman  of  StoneGate  Capital 
Group  since  1995;  became  chairman  of  a  Web  and  voice  conferencing  company  called  Interwise.  LARRY  MOORE:  principal  in  the  Clear  Ballot 

Group.  4LAN  LEPOFSKY:  has  been  vice  president  and  principal  analyst  at  Constellation  Research. 


Beckhardt  worked  on  Notes/Domino  for  15 
years,  from  1985  to  2000.  He  joined  Iris  Asso¬ 
ciates  about  three  months  after  the  company 
started.  “I  designed  the  original  Notes  Server 
(before  it  was  renamed  Domino),”  he  says, 
“But  I’m  probably  best  known  for  designing 
the  Notes  replication  system.  I  also  worked 
on  many  other  areas  including  encryption, 
networking,  full  text  search,  etc.” 

With  all  of  this  computer  programming 
expertise,  Lotus  still  needed  to  be  sold,  oth¬ 
erwise  it  would  have  been  become  the  best- 
known  shelfware.  While  Laube  was  not  a 
Lotus  Notes  founder,  developer,  creator  or 
designer,  Ozzie  and  Larry  Moore  both  credit 
him  and  PwC  for  Lotus  Notes  initial  accep¬ 
tance  and  success.  Laube  was  PwC’s  first 
CIO  responsible  for  improving  client  services 
through  technology.  He  was  the  driving  force 
behind  standardizing  desktop  productiv¬ 
ity  applications  on  a  global  basis  and  solely 
responsible  for  the  largest  software  acquisi¬ 
tion  ever  made  (at  that  time).  The  program 
was  Lotus  Notes,  and  PwC  purchased  10,000 


leagues  for  his  place  and  contribution  to  the 
success  of  Lotus  Notes.  Gerstner  was  chair¬ 
man  and  CEO  of  IBM  from  April  1993  until 
February  2002.  He  is  credited  with  restoring 
IBM  to  its  former  glory.  He  laid  off  thousands, 
restructured  management,  reorganized  the 
company’s  infrastructure  and  modernized 
the  products  (hardware  and  software),  while 
simultaneously  revamping  the  company’s 
mainframe  division.  As  a  result  of  his  efforts, 
Gerstner  grew  Lotus  products  from  2  million 
users  to  more  than  22  million  users,  and  re¬ 
established  Big  Blue  as  a  corporate  giant. 

Moore  was  another  key  executive  in  the 
Lotus  lineup.  He  was  vice  president  and  gen¬ 
eral  manager  of  the  Communications  Prod¬ 
ucts  Division/Lotus  Notes  from  1988  to  1992 
and  the  motivating  force  behind  the  release  of 
Lotus  Notes,  which  has  generated  more  than 
$7  billion  in  sales;  that  is,  about  $450  million 
a  year.  His  colleagues  credit  his  management 
and  marketing  expertise  for  much  of  Notes 
initial  success.  One  of  his  strategies  included 
the  creation  of  the  Lotus  Notes  reseller 


business  partner  organization,  and  worked 
on  the  strategy  team  that  helped  share  the 
future  software  products. 

What  about  the  Lotus  name? 

The  founders  of  Lotus  are  not  too  broken  up 
over  IBM’s  decision  to  drop  the  name. 

“I  think  30  years  was  a  really  excellent  run, 
and  all  things  must  pass,”  Kapor  says. 

Ozzie  explains  that  to  keep  customers 
from  being  confused,  IBM  really  only  had 
two  choices:  to  grow  the  use  of  Lotus  as  a 
“social  ingredient  brand”  in  all  its  relevant 
solution  offerings,  regardless  of  its  techni¬ 
cal  heritage,  or  to  eliminate  it  and  say,  “IBM 
itself  means  social.” 

“Either  one  of  those  conclusions  would 
make  sense,  so  the  determination  to  retire  the 
Lotus  brand  was  likely  a  good  one.  It  had  a 
good  run.  I’m  not  surprised  and  it  was  a  wise 
business  decision,”  Ozzie  says. 

“As  for  IBM  dropping  Lotus  as  a  brand, 
this  is  not  something  I  am  going  to  lose  sleep 
about,”  Manzi  says.  H 
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NuoDB,  a  new  approach 
to  SQL  databases 

feel  like  some  kind  Of  dubious  character 
from  a  crime  movie:  “Psst,  buddy!  Wanna 
cloud  database  that’s  non-stop,  geographi¬ 
cally  and  elastically  scalable?  And  it’s  also 
ACID  compliant,  roughly  75%  of  the  cost 
of  using  Oracle,  good  at  hybrid  workloads, 

SQL-compliant,  ridiculously  easy  to  install, 
equally  easy  to  manage,  and  runs  on  multiple  plat¬ 
forms.  And  did  I  mention  cheap?  Oh  yeah,  I  did.” 


*  vt 

Mark  Gibbs'  Gearhead 


Anyway,  those  are  the  claims  made  by 
NuoDB  about  its  eponymous  database 
product,  and  its  pitch  for  what  it  calls  a 
Cloud  Data  Management  System  is  compel¬ 
ling.  A  few  weeks  ago,  just  before  NuoDB’s 
mid-January  launch,  I 
talked  with  one  of  the  com¬ 
pany’s  founders  and  CEO, 

Barry  Morris,  about  the 
product,  and  it’s  a  fascinat¬ 
ing  story. 

One  of  NuoDB’s  design 
presumptions  was  that 
optimization  is  hard  but 
scale-out  is  easy.  In  other 
words,  if  you  want  better 
performance  from  your 
database  you  can  do  the 
time-honored  wash- 
rinse-repeat  cycle  beloved 
by  database  analysts 
everywhere  (measure, 
analyze,  tune,  re-measure, 
re-analyze,  etc.),  or  you  can  just  throw  more 
hardware  at  the  problem.  And  that  is  what 
NuoDB  has  chosen  to  do. 

Of  course,  throwing  more  hardware  at 
a  database  performance  problem  requires 
that  the  database  system  be  easy  to  scale 
which,  in  turn,  requires  an  architecture  that 
is  modular  rather  than  monolithic.  And 
that's  what  NuoDB  is:  a  distributed  system 


of  self-organizing  units  rather  than  using 
the  hub-and-spoke  command  and  control 
architecture  of  traditional  databases. 

A  consequence  of  this  architecture  is 
that  installing  a  NuoDB  host  takes  about 
five  minutes,  has  hardly 
any  parameters  to  set,  and 
requires  very  little  in  the 
way  of  administration  once 
it’s  running! 

Where  NuoDB  gets  really 
interesting  is  that  commu¬ 
nications  between  the  hosts 
is  not  synchronous  as  you 
might  expect,  but  rather 
asynchronous  which,  while 
it  requires  high  bandwidth 
connections  between  hosts, 
is  not  overly  sensitive  to 
network  latency,  making  it 
more  compatible  with  real- 
world  WAN  configurations. 
The  issue  of  NuoDB 
being  good  at  handling  hybrid  loads  —  that 
is,  making  analytical  queries  while  under 
transactional  loading  —  is  a  powerful  argu¬ 
ment  for  the  product,  because  most  major 
SQL  database  product  performance  will 
tank  if  you  try  such  a  thing. 

Fundamental  to  NuoDB  is  being  SQL- 
compliant  (It  is  ANSI  SQL-92  compliant 
with  SQL-99  extensions,  and  works  with 


and  ships  with  a  set  of  JDBC/ODBC  drivers) 
which,  it  is  claimed,  makes  it  a  “drop-in” 
replacement  for  any  standard  SQL  environ¬ 
ment.  Morris  told  me  of  a  customer  who 
moved  an  Oracle-based  application  with 
500  tables,  hundreds  of  threads,  and  many 
complex  interactions  to  NuoDB  in  under 
one  month. 

So,  how  powerful  is  NuoDB?  The 
company  claims  that  a  load  of  1  million 
transactions  per  second  could  be  handled 
by  NuoDB  running  on  20  cheap  servers 
connected  by  Gigabit  Ethernet.  Running  on 
Amazon  EC2,  Windows,  Linux,  OS  X  and 
Solaris,  NuoDB  can  use  a  local  file  system, 
Amazon  S3  or  a  Hadoop  Distributed  File 
System  for  storage. 

There  are  two  no-cost  editions:  Free, 
which  supports  two  hosts  and  4GB  of  stor¬ 
age  (HDFS  is  not  supported  as  a  storage 
option)  and  is  available  for  users,  while 
Developer  (for  development  only,  of  course) 
allows  for  unlimited  hosts  and  has  no  stor¬ 
age  limits.  If  you  want  to  use  NuoDB  for 
production  systems  then  pricing  starts  at  a 
very  reasonable  $1,200  per  annum  for  two 
hosts  and  16GB  of  storage. 

Prior  to  the  January  launch  some  3,000 
beta  users  had  signed  up,  and  at  the  launch 
NuoDB  announced  that  AutoZone,  the 
automotive  parts  distributor  and  retailer, 
will  be  implementing  the  database  for 
provisioning  and  management  of  up-to-the- 
minute  digital  signage  in  its  5,000  outlets 
in  the  U.S.,  Puerto  Rico,  Mexico  and  Brazil. 

For  high-performance,  resilient,  low-cost 
database  solutions,  NuoDB  is  definitely 
worth  checking  out.  ■ 

Gibbs  is  impressed  in  Ventura,  Calif. 

Your  impressions  to  gearhead@gibbs. 
com  and  follow  him  on  Twitter  and  App. 
net  (@q uistuipater)  and  on  Facebook 
(quistuipater). 


NuoDB  CEO  Barry  Morris 
has  a  compelling  story  about 
his  company’s  cloud  data 
management  system. 
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Pre-spring  cleaning  the  Cool  Tools  offices 


WE'RE  IN  OUR  post-holiday,  post-CES 
cleanup  (pre-spring!)  in  the  Cool  Tools 
offices,  so  here  are  some  rapid-fire  reviews 
of  things  we’ve  been  toying  with  over  the 
past  few  weeks. 

►  Acer  Aspire  S7  ultrabook:  If  you’re  look¬ 
ing  for  a  super-thin  yet  powerful  Windows 
8  notebook,  check  out  the  Aspire  S7  series. 
The  S7-391  model  I  tried  includes  a  13.3-inch 
high-definition  touchscreen,  aluminum  case 
and  Gorilla  Glass  2  screen/cover,  all  in  a  very 
small  12.2  mm  package.  The  S7’s  screen  can 
open  up  180  degrees,  letting  you  lay  it  flat  to 
do  more  touch  actions,  and  the  system’s  cool¬ 
ing  system  has  a  fan  pulling  in  cool  air  while 
another  one  releases  the  hot  air  (although 
this  tends  to  make  the  notebook  a  bit  noisier 
than  you  might  expect).  The  system  starts 
at  $1,400  (for  a  core  iS  processor,  but  you 
can  upgrade  to  a  core  i7),  and  comes  with  a 
Bluetooth  wireless  mouse  and  two  adapters 
(for  connecting  to  a  VGA  monitor/projector 
and  wired  Ethernet). 


►  Kanex  Gigabit  Adapter  (USB  3  to  Eth¬ 
ernet):  If  you  own  an  ultrabook  (or  MacBook 
Pro  with  Retina  display)  and  are  annoyed  at 
the  lack  of  an  Ethernet  port,  be  sure  to  pick  up 
this  handy  adapter  ($49),  which  uses  a  USB 
3.0  connector  to  cre¬ 
ate  an  Ethernet  con¬ 
nection  (handy  for 
conference  rooms 

or  hotel  rooms  that  . 

only  provide  a  wired 


connection).  The  device  does  require  a  one¬ 
time  driver  install,  but  after  that  you’re  fine. 

►  HP  EliteBook  2570p:  It’s  not  the  fanciest 
notebook  in  the  shed,  but  rather  a  solid 
notebook  aimed  at  the  frequent  traveler. 
This  12.5-inch  notebook  (starts  at  $949) 
features  an  aluminum  magnesium  case 
that  helps  it  survive  the  normal  “bumps” 
from  a  business  travel  (HP  calls  it  “busi¬ 
ness  rugged”).  The  choice  of  an  integrated 
optical  drive  or  additional  storage  make 
this  notebook  pleasing  to  business  users 
(some  need  the  optical  drive,  some  need  the 
space)  who  might  not  find  these  options 
on  smaller  ultraportable  notebooks.  An 
optional  docking  station  ($149)  allows  for 
additional  USB  ports,  network  connectivity 
and  display  adapters,  making  it  useful  for 
the  office  as  well  as  the  road. 

►  Wicked  Audio  Evac  headphones:  There 
are  about  a  billion  different  headphone 
companies  these  days,  but  I  still  hold  a  special 
place  for  over-the-ear  headphones  that  are 
comfortable,  yet  also  travel  well.  While  I 
prefer  earbuds  for  exercising,  for  everything 
else  (video  editing,  game  playing,  iPad  view¬ 
ing,  etc.)  I  prefer  an  over-the-head  style.  This 
pair  from  Wicked  audio  (about  $30  online) 
fills  most  of  these  needs  —  providing  comfort 
for  long  stretches,  and  an  easy-to-fold  method 
for  packing  in  a  travel  bag.  The  braided  cord 
is  also  an  excellent  touch,  preventing  cord 
tangles  that  always  seem  to  occur  with  my 
other  headphones/earbuds.  The  only  issue 


—  I’m  still  getting  used  to  the  Army  Green 
style  (the  company  does  offer  other  colors). 

Shaw  can  be  reached  at  kshaw@nww.com. 
Follow  him  on  Twitter:  @shawkeith. 


CLEAR  CHOICE  TEST:  ANDROID-BASED  WI-FI  ANALYZERS 

Analyze  this:  Wi-Fi  nets  via  smartphone 

Ekahau  offers  most  comprehensive  set  of  Wi-Fi  site  survey  features  in  3-product  test 


BY  ERIC  GEIER 

In  the  early  days  of  Wi-Fi,  site  surveys 
were  fairly  basic  and  involved  run¬ 
ning  around  with  a  laptop  looking 
at  simple  signal  levels.  The  next  step 
was  map-based  tools  that  provided 
a  good  visual  of  Wi-Fi  coverage,  but  still 
involved  carrying  a  bulky  laptop  around. 

Today,  we  have  map-based  Wi-Fi  survey¬ 
ing  apps  you  can  run  on  your  Android-pow¬ 
ered  smartphone  or  tablet.  These  allow  you 
to  create  heat  maps  of  Wi-Fi  coverage,  and 
for  those  vendors  that  offer  a  laptop-based 
surveying  product,  the  data  can  be  exported 
there  for  further  analysis. 

We  tested  Fluke  Networks’  AirMagnet  Air- 
Mapper,  Wolf  WiFi  Pro  from  Enterprising 
Apps  and  Ekahau  Mobile  Survey. 

Wolf  WiFi  Pro,  at  a  mere  $50,  is  the  least 
expensive  but  doesn’t  offer  laptop-based  soft¬ 
ware  for  further  analysis. 

If  you’re  planning  to  or  already  have  pur¬ 
chased  a  laptop-based  solution  —  typically 
offering  more  features  and  functionality  than 
mobile  apps  —  then  consider  AirMagnet  or 
Ekahau.  If  throughput  is  crucial  for  your  net¬ 
work,  AirMagnet  offers  map-based  through¬ 
put  surveying. 

Ekahau  Mobile  Survey  is  great  mobile  sur¬ 
veying  and  testing  solution,  but  it’s  by  far  the 
most  expensive  out  of  the  three  solutions  we 
reviewed.  However,  it  offers  better  multi-floor 
support,  flexible  exporting  and  importing, 
and  includes  a  useful  network  health  moni¬ 
toring  and  testing  feature. 

Fluke  Networks’ AirMagnet 
AirMapperapp 

Fluke  Networks’  AirMagnet  AirMapper 
app  offers  a  Wi-Fi  surveying  solution  for 
Android  devices,  supporting  the  2.4GHz  and 
5GHz  bands.  It’s  basically  a  simpler  version 


clear 
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of  its  Windows-based  AirMagnet  Survey 
software.  A  feature-limited  demo  version  is 
offered  free  of  charge  while  the  Pro  version  is 
priced  at  $199. 

When  you  open  AirMapper  for  the  first 
time  you’re  greeted  with  a  mini  tutorial  high¬ 
lighting  the  main  functions,  and  then  you’re 
taken  to  the  main  page  where  you  can  create 
a  new  project  or  open  an  existing  one.  Right 
away  we  noticed  the  help  shortcut  in  the 
upper-right  corner  of  the  screen,  which  also 
appears  elsewhere  in  the  app  offering  a  use¬ 
ful  explanation  of  the  settings  and  functions. 

When  creating  a  new  project  you  must  select 
an  image  or  take  a  photo  of  the  floor  plan  and 
calibrate  it  by  selecting  a  given  distance  on  the 
map  and  inputting  its  length.  You’re  limited  to 
inputting  a  single  floor  plan  so  you  must  create 
separate  projects  for  multi-floor  surveys. 

For  a  project,  you  can  define  basic  survey 
details  like  the  surveyor’s  name,  location  and 
description.  You  can  also  select  the  SSID(s) 
that  you  want  to  capture  in  the  testing  or  leave 
blank  to  capture  all.  Additionally,  you  can 
enable  or  define  technical  settings  like  auto 
sampling,  real-time  heat  map,  signal  propa¬ 
gation,  and  minimum  signal  level  of  access 
points  you’d  like  to  include.  Plus  you  can 
define  a  URL  of  a  downloadable  file  that  can 
be  used  when  performing  throughput  testing. 

When  in  survey  mode,  you  simply  single¬ 
tap  along  your  path  on  the  map  to  take  a  sig¬ 
nal/throughput  reading.  You  can  rotate  the 


device  to  better  orientate  your  location  on  the 
map.  During  the  survey  the  current  number 
of  access  points  is  shown  in  the  bottom-left, 
which  you  can  tap  on  to  see  a  detailed  listing. 

When  testing  in  the  throughput  mode,  the 
current  throughput  rate  in  Mbps  is  also  dis¬ 
playing  on  the  bottom,  which  you  can  tap  to 
see  further  details. 

During  the  testing  you  can  also  tap  the 
annotation  icon  on  the  top-left  corner  to  add 
notes,  a  photo,  audio  clip,  or  video  attached  to 
the  last  data  point  location. 

When  you  exit  the  survey  mode  you  see  the 
heat  map  showing  the  signal  and/or  through¬ 
put  levels.  You  can  tap  the  “locate  AP”  icon  to 
show  the  estimated  locations  of  access  points 
on  the  map.  You  can  also  tap  on  data  points 
to  view  a  detailed  listing  of  the  top  five  access 
points  detected  at  that  location,  and  you’re 
able  to  add  annotations.  Plus  you  can  tap  the 
filter  icon  to  limit  the  heat-map  results  to  a 
certain  access  point,  SSID  or  channel. 

On  the  top  you’ll  also  find  an  export  icon  that 
packages  your  survey  results  in  a  .zip  file  and 
lets  you  send  them  via  email  and  other  meth¬ 
ods  your  device  offers.  But  keep  in  mind  that 
these  results  are  only  importable  and  viewable 
in  the  separate  AirMagnet  Survey  Pro. 

Overall  the  AirMagnet  AirMapper  app  is  a 
great  mobile  surveying  solution,  but  requires 
their  AirMagnet  Survey  Pro  product  to  view 
the  exported  data.  Though  the  app  requires 
you  to  create  separate  projects  for  multi-floor 
surveys,  they  can  be  imported  into  AirMag¬ 
net  Survey  Pro  for  multi-floor  viewing. 

The  biggest  differentiator  from  the  other 
two  solutions  is  that  AirMapper  supports 
map-based  throughput  testing  in  addition  to 
the  traditional  signal  surveying.  AirMagnet 
also  provides  superior  help  and  documenta¬ 
tion,  offering  great  in-app  help  shortcuts.  The 
ability  to  save  notes  and  media  clips  during 
surveying  is  also  unique,  but  unfortunately 
they  aren’t  included  in  the  exported  data. 
Another  snag  about  AirMapper  is  that  you 
can  only  view  current  access  point  details 
when  in  the  surveying  mode. 

Wolf  WiFi  Pro 

Wolf  WiFi  Pro  from  Enterprising  Apps  is  a 
wireless  toolkit  for  Android  that  provides 
Wi-Fi  surveying  and  scanning  tools,  support¬ 
ing  the  2.4GHz  and  5GHz  bands. 

When  you  open  Wolf  WiFi  Pro,  you’re 
greeted  by  a  simple  home  screen  with  short¬ 
cuts  for  each  of  the  tools:  WiFi  Scan,  Chan¬ 
nel  Scan,  Site  Survey,  and  WiFi  Manager. 
You’ll  also  find  a  button  to  enable/disable 
the  device’s  Wi-Fi  and  Wake  Lock  button  to 
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Product 

AirMagnet 

AirMapper 

Wolf  WiFi  Pro 

Mobile  Survey 

Company 

Fluke  Networks 

Enterprising  Apps 

Ekahau 

Price 

$199 

$50 

$399 

Pros 

Map-based 

throughput 

surveying 

Inexpensive 

Multi-floor  support,  flexible 
exporting/importing,  useful  network 
health  monitoring  and  testing 

Cons 

Requires  AirMagnet 
Survey  Pro  to  view 
exported  data 

Doesn’t  offer 
laptop-based 
software 

Expensive 
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control  the  device’s  sleep  and  dim  settings. 

When  you  open  WiFi  Scan,  you’ll  see  a 
listing  of  nearby  access  points  with  details 
like  their  SSID,  media  access  control  (MAC) 
address,  signal  level  in  dBm  values,  and  an 
indication  of  whether  the  APs  are  secured. 
In  the  detail  view  you  can  see  channels,  data 
rates  and  the  security  protocols. 

In  either  view  you  can  select  an  access 
point  to  track  its  signal.  The  tool  provides  an 
enlarged  signal  reading  with  a  bar  indicator 
and  the  dBm  value.  Plus  you  can  enable  the 
tone  feature  that  plays  a  tone  that  gets  higher 
as  the  signal  level  increases  to  help  you  find 
the  access  point. 

When  you  open  the  Channel  Scan  tool 
you’ll  see  a  graph  showing  channel  usage  and 
AP  signals  in  dBm  values.  You  can  also  tap  a 
channel  number  to  view  the  details  of  APs  on 
that  particular  channel. 

Tapping  the  WiFi  Manager  shortcut  on  the 
home  screen  brings  up  the  native  Android 
Wi-Fi  settings,  where  you  can  see  and  manage 
the  Wi-Fi  networks  you  can  connect  to. 

When  you  open  the  Site  Survey  tool  you’re 
greeted  with  a  simple  screen  where  you  can 
create  or  open  site  survey  projects.  When 
creating  a  project,  all  you’re  prompted  to  do  is 
select  a  floor  plan  image.  Wolf  WiFi  doesn’t  yet 
offer  multi-floor  support,  so  you’d  have  to  cre¬ 
ate  separate  projects  for  each  floor  of  a  building. 

To  begin  surveying,  you  can  walk  around 
the  building  and  double-tap  your  location 
on  the  map  to  take  signal  readings.  During  or 
after  surveying  you  can  long-press  on  a  read¬ 
ing  to  see  the  captured  network  and  signal  info. 

In  the  upper-right  of  the  app  you’ll  find  sev¬ 
eral  shortcuts.  The  first  shortcut  shows  you’re 
in  the  survey  mode  where  you  can  double-tap 
to  take  readings.  The  second  shortcut  brings 
up  a  gallery  of  various  network- related  icons 
you  can  place  on  the  map  to  represent  items 
like  access  points,  antennas,  routers  and 
workstations.  Once  you  place  items  you  can 
manually  input  network  details  and  you  can 
manage  them  by  clicking  the  third  shortcut  to 
open  the  Network  Device  Explorer. 

The  fourth  shortcut  brings  up  the  Filter¬ 
ing  Options.  There  you  can  filter  what  access 
points  or  signals  are  shown  on  the  map  via 
their  MAC  address,  dBm  signal  level  or  chan¬ 
nels.  You  can  also  enable/disable  items  on  the 
map:  signal  heat  map,  access  point  edge,  tap 
points,  survey  path,  speed  and  security  status. 

The  fifth  shortcut  brings  up  the  undo 
options  to  remove  the  last  signal  or  icon  tap. 
The  sixth  shortcut  pops  up  the  survey  prefer¬ 
ences  to  change  settings,  like  showing  icon  tag 
info  and  the  size  of  icons  and  taps.  And  the 
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last  icon  provides  shortcuts  to  the  other  tools: 
WiFi  Scan,  Channel  Scan  and  WiFi  Manager. 

You  can  export  the  survey  results  via  the 
menu  options  when  in  the  Site  Survey  tool, 
which  simply  lets  you  save  the  results  to  your 
device.  Then  you  can  use  email  or  another  app 
to  send  them  or  plug  your  device  into  a  PC  to 
transfer  them.  You’ll  find  an  image  of  the  sur¬ 
vey  map  as  it  was  in  the  app, 
but  with  a  color-coded  signal 
level  bar  added. 

Plus  you’ll  find  a  text  file 
containing  the  details  of  the 
survey  readings,  which  you 
can  open  in  the  .csv  format 
within  Excel  for  better  view¬ 
ing.  You’ll  find  all  the  access 
point  and  connection  details, 
such  as  the  SSID,  signal  level, 
channel,  and  MAC  address 
of  the  access  point  you  were 
connected  at  the  time  of  each 
survey  reading. 

Overall,  Wolf  WiFi  Pro  is  a 
great  and  inexpensive  mobile 
surveying  app  that  provides  other  tools  as 
well,  like  Channel  Scan,  to  visually  see  chan¬ 
nel  usage  and  any  overlapping  issues.  Another 
differentiator  from  the  other  two  solutions  is 
the  exporting.  Although  still  basic,  it  exports 
both  the  heat  map  and  access  point  details  in 
formats  anyone  can  view. 

Wolf  WiFi’s  network  icon  and  network 
device  explorer  features  are  great  ideas,  but 
manually  inputting  all  the  network  details 
isn’t  ideal.  The  UI  could  use  improvements  as 
well.  Fortunately,  the  developer  says  some  of 
these  issues  will  be  addressed  in  Version  2.0, 
along  with  other  new  and  improved  features. 

Ekahau  Mobile  Survey 

Ekahau  Mobile  Survey  is  an  Android  app 
that  provides  Wi-Fi  testing  and  surveying 
tools  for  $399  when  purchased  separately. 

When  you  open  the  app,  you’re  greeted  by 
the  Test  screen,  which  contains  a  network 
health  monitor.  It  monitors  the  access  point 
signal  level,  data  rate,  packet  loss,  packet  delay 
and  rogue  signals.  It  alerts  you  if  any  exceed 
your  desired  levels.  These  levels  can  be  manu¬ 
ally  defined  or  you  can  choose  between  pre¬ 
defined  requirement  profiles. 

You  can  tap  the  bottom  to  display  the  net¬ 
work  details  of  your  current  connection  with 
Wi-Fi  and  IP  details.  You  can  also  enable  Back¬ 
ground  Monitoring  so  any  network  health 
alerts  are  saved  in  the  logs. 

On  the  Map  screen  is  where  you  perform 
the  surveying.  After  importing  a  floor  plan 


image  you  can  calibrate  the  map  by  select¬ 
ing  something  on  the  map  and  inputting  its 
length  in  meters.  Then  you  can  enter  the  sur¬ 
vey  mode  via  the  menu  options  and  long- press 
on  your  location  to  take  readings.  Once  you’re 
done  you  can  hit  pause  to  see  the  heat  map  of 
signal  levels.  You  can  adjust  the  threshold  of 
signal  levels  shown  on  the  map.  You  can  also 
select  certain  access  points  to 
see  individual  coverage  and 
access  point  details. 

You  can  add  additional 
floor  plan  images  and  con¬ 
veniently  switch  between 
them  on  the  Map  screen.  In 
the  menu  options  you  can 
export  each  individual  floor 
map  image,  which  saves  the 
images  to  the  device  and 
allows  you  to  email  or  export 
via  other  methods. 

On  the  access  points  screen, 
you’ll  find  a  listing  of  current 
access  point  details,  includ¬ 
ing  SSID,  MAC  address, 
channel,  security  status  and  signal  level. 

On  the  Log  screen,  you’ll  find  a  history  of 
any  network  errors  detected  by  the  network 
health  monitor,  such  as  access  points  with  low 
signal  or  data  rate,  rogue  access  points  or  high 
packet  delays.  You  can  tap  an  entry  to  review 
the  details  and  even  add  your  own  notes. 

In  the  app’s  menu  options,  you  can  export 
the  heat  map  image  and  monitoring  logs  via 
email  or  other  methods.  Plus,  survey  proj¬ 
ects  created  with  Ekahau  Mobile  Survey  and 
their  Windows-based  Ekahau  Site  Survey 
software  are  compatible.  So  you  can  perform 
surveys  with  a  lightweight  mobile  device  and 
later  export  the  project  to  a  PC  or  laptop  for 
in-depth  analysis  and  reporting. 

The  last  screen  is  the  configuration  screen, 
where  you  can  change  the  requirements  for 
the  network  health  monitor,  scanning  prefer¬ 
ences  and  other  project  preferences. 

One  unique  feature  of  Ekahau  Mobile  Sur¬ 
vey  is  the  widget  that  you  can  place  on  one 
of  your  Android  home  screens.  It  displays 
the  signal  level  and  data  rate  of  your  current 
Wi-Fi  connection  and  also  lets  you  quickly 
switch  the  background  network  health  moni¬ 
toring  on  and  off.  ■ 

Ge/'er  is  a  freelance  tech  writer  —  keep  up 
with  his  writings  on  his  Facebook  Fan  Page. 
He's  also  the  founder  of  NoWiresSecurity,  a 
cloud-based  Wi-Fi  security  service,  and  On 
Spot  Techs,  an  on-site  computer  services 
company. 


Performing  signal  surveying 
in  Ekahau  Mobile  Survey. 
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BY  CHRISTINE  BURNS 


If  2013  is  the  year  enterprises 

begin  implementing  their 

hybrid  cloud  strategies,  as  the 

experts  are  predicting,  then 

it  follows  that  this  will  also  be 

the  year  when  hybrid  cloud  security  takes  center 

stage.  According  to  analysts,  industry  watchers 

and  security  practitioners,  the  bad  news  is  that 

there  is  no  silver  bullet  on  how  to  fully  accomplish 

security  in  a  hybrid  cloud.  That’s  because  there 


secure  on- 


how  to  secure  data  stored  with  multiple  cloud 


. 


and  finally,  how  to  secure  mobile  devices  that 
connect  to  your  cloud  infrastructure. 
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If  that’s  not  daunting  enough,  another  rea¬ 
son  why  there  isn’t  a  one-size-fits-all  solution 
is  that  the  definition  of  hybrid  cloud  is  open  to 
interpretation. 

And  every  company  has  a  different  com¬ 
fort  level  when  it  comes  to  security  in  general 
and  cloud  security  in  particular.  One  com¬ 
pany’s  game  plan  for  keeping  a  minimum  set 
of  operations  under  lock  and  key  inside  the 
on-premises  data  center  or  a  virtual  private 
cloud,  while  pushing  batch  processing  or  user 
front-end  processes  to  the  public  cloud,  might 
be  another  IT  department’s  worst  nightmare. 

“Every  hybrid  cloud  implementation  is 
unique  and  that  makes  securing  them  a  mov¬ 
ing  target,”  says  Dave  Asprey,  vice  president  of 
cloud  security  at  security  management  vendor 
Trend  Micro.  Asprey  subscribes  to  the  notion 
of  ambient  clouds,  essentially  the  idea  that 
enterprise  customers  are  going  to  move  toward 
a  distributed  cloud  model  where  they  employ 
multiple  cloud  providers  —  each  replaceable 
based  on  use  case,  price  and  availability. 

“I  don’t  necessarily  think  the  types  of 
threats  against  the  ambient  cloud  is  up  from 
those  used  against  traditional  data  center  or 
private  cloud  schemes,  but  the  potential  risks 
against  the  data  running  across  the  distrib¬ 
uted  cloud  certainly  is,”  Asprey  says. 

Security  strategies  that  work 

The  good  news  is  that  enterprises  already 
employing  defense-in-depth  practices  across 
their  existing  networks  can  apply  those  same 
tenets  within  a  hybrid  cloud  security  manage¬ 
ment  strategy. 

The  caveat  here,  though,  is  that  IT  manage¬ 
ment  must  commit  to  a  whole  lot  of  advanced 
planning  and  prepare  their  staffs  for  a  bit  of 
technological  tweaking  of  security  policies 
and  gear  before  a  hybrid  cloud  goes  live  (see 
“Cloud  security  tips  and  tricks,”  page  26). 

“Typically  in  this  industry  the  adoption 
of  any  technology  happens  well  before  secu¬ 
rity  considerations  surrounding  it  are  fully 
addressed,”  says  Gary  Loveland,  a  principal  in 
PricewaterhouseCoopers’  advisory  practice 
and  head  of  the  firm’s  global  security  practice. 

With  hybrid  cloud,  Loveland  says,  clients 
are  being  clearer  about  the  security  require¬ 
ments  upfront  and  are  forcing  cloud  service 
providers  to  be  more  prepared  to  have  solid 


answers  on  topics  ranging  from  defining  and 
ensuring  multi-tenant  boundaries,  to  PCI  and 
FISM  A  compliance  and  auditing  capabilities. 

Industry  guidelines  can  help 

The  Cloud  Security  Alliance  in  2011  estab¬ 
lished  the  CSA  Security,  Trust  &  Assurance 
Registry,  a  free,  publicly  accessible  registry 
that  documents  the  security  controls  provided 
by  various  cloud  service  providers.  The  regis¬ 
try,  which  vendors  supply  the  information  for 
about  their  own  products,  is  designed  to  help 
users  assess  the  security  of  cloud  providers 
they  currently  use  or  are  considering  contract¬ 
ing  with  in  the  future.  To  date,  the  registry  con¬ 
tains  information  about  20  providers. 

The  underlying  problem,  Loveland  says, 
is  that  enterprises  have  to  mature  enough  in 
their  use  of  virtual  technology  and  cloud  ser¬ 
vices  management  to  take  advantage  of  the 
higher  security  offerings. 

Jeff  Spivey,  international  vice  president 
of  ISACA,  an  association  of  IS  professionals 
dedicated  to  the  audit,  control  and  security 
of  information  systems,  and  vice  president  of 
mobile  security  vendor  RisklQ,  concurs.  He 
sees  all  too  often  that  enterprise  IT  assumes 
that  once  they  hand  off  their  operations  to  a 
cloud  provider,  the  latter  then  assumes  sole 
responsibility  for  security. 

“Not  true,  it’s  at  that  point  that  IT  needs 
to  become  even  more  diligent  about  imple¬ 
menting  sound  security  across  their  clouds,” 
Spivey  says. 

He  points  to  COBIT  5,  the  newest  version 
of  ISACA’s  framework  for  governance  and 
management  of  enterprise  IT  which  outlines 
IT  control  objectives  for  cloud  computing 
in  general,  as  a  strong  guideline  for  how  to 
implement  hybrid  security. 

As  hype  surrounding  cloud  computing 
continues  to  grow,  IT  departments  are  being 
pressured  by  management  to  seize  some  of  the 
cloud’s  promised  economical  benefits.  But  it’s 
IT’s  job  to  make  sure  they  are  not  risking  the 
farm  in  order  to  go  into  the  cloud  to  see  those 
benefits. 

In  fact,  computer  scientists  at  the  Univer¬ 
sity  of  Texas  at  Dallas  have  devised  an  algo¬ 
rithm  that  can  help  companies  develop  a  risk- 
aware  hybrid  cloud  strategy. 

According  to  one  of  the  researchers,  Murat 


Kantarcioglu,  the  scheme  is  an  efficient  and 
secure  mechanism  to  partition  computa¬ 
tions  across  public  and  private  machines  in  a 
hybrid  cloud  setting. 

Kantarcioglu  and  his  colleagues  have  set 
up  a  framework  for  distributing  data  and 
processing  in  a  hybrid  cloud  that  meets  the 
conflicting  goals  of  performance,  sensitive 
data  disclosure  risk  and  resource  allocation 
costs  getting  weighed  and  balanced. 

The  technology  is  implemented  as  an  add¬ 
on  tool  for  a  Hadoop-  and  Hive-based  cloud 
computing  infrastructure,  and  the  team’s 
experiments  demonstrate  that  using  it  can 
lead  to  a  major  performance  gain  by  exploit¬ 
ing  hybrid  cloud  components  without  violat¬ 
ing  any  predetermined  public  cloud  usage 
constraints. 

Having  to  think  about  how  hybrid  cloud 
operations  fit  into  a  company’s  overall  infor¬ 
mation  security  management  scheme  could 
help  IT  departments  reset  the  appropriate 
level  of  security  for  the  processes  across  the 
entire  enterprise,  argues  Pat  O’Day,  CTO  at 
Bluelock,  a  VMware-based  cloud  service  pro¬ 
vider  in  Minneapolis. 

“We  now  get  to  think  about  how  to  set  the 
right  level  of  security  on  an  application-spe¬ 
cific,  a  process-specific  or  even  a  data-specific 
basis,”  says  O’Day,  a  condition  that  gives 
enterprises  a  lot  of  leeway  in  terms  of  where 
they  want  to  spend  resources  on  security. 

Rand  Wacker,  vice  president  of  products  for 
CloudPassage,  a  cloud  server  security  vendor, 
suggests  customers  take  the  strictest  security 
scenario  —  most  likely  pertaining  to  hybrid 
cloud  usage  because  there  are  direct  links 
between  the  public  cloud  and  on-premises 
resources  —  and  set  the  most  stringent  secu¬ 
rity  policy  for  that  level  of  risk. 

ISACA’s  Spivey  advises  clients  that  what¬ 
ever  security  policy  they  establish,  they  must 
be  sure  that  it  is  portable.  “Don’t  lock  your 
policy  to  your  cloud  provider,”  Spivey  says. 
There  will  be  a  time  down  the  road  where  you 
will  want  to  migrate  away  from  them  for  either 
price  or  performance  reasons  and  you  don’t 
want  to  have  to  rethink  your  whole  security 
policy  to  make  the  switch,  he  says.  ■ 

Burns  is  a  freelance  writer.  She  can  be  reached 
at  cburnsl227@gmail.com. 


24  FEBRUARY  ll,  2013  www.networkworld.com 


Understanding  SDN,  OpenFlow,  and  Network  Virtualization 


Open  Network  Exchange 


Software  Defined  Networking  (SDN)/ 
Network  Virtualization  promises  to  reshape 
enterprise  networks,  enabling  companies  to  keep  pace 
with  fluid  computing  environments  powered  by  virtual 
servers  and  the  cloud. 

Join  event  moderator  and  Network  World 
Contributing  Editor,  Jim  Metzler,  and  discover... 

•  How  SDN  works 

•  The  potential  for  SDN  in  the  enterprise 

•  How  leading  organizations  currently  leverage 
SDN  and  Network  Virtualization  for  data  center 
and  large-scale  networking  efficiency. 


TOUR  DATES 


NEW  YORK  I  February  12 

Grand  Hyatt,  NYC 

SAN  FRANCISCO  I  March  12 

Hotel  Nikko 


DALLAS  I  April  10 

TBA 

CHICAGO  I  May  14 

Gleacher  Center 


REGISTER  TODAY 

in  a  city  near  you  for  Open  Network  Exchange! 

Limited-time  complimentary  offer  for  Network  World  readers: 
Register  by  February  28,  2013  using  discount  code  SubscriberVIP 

events.networkworld.com/SDN/Attend 


#NetworkWorldSDN 


Sponsors  include: 


ARISTA  big  switch 

(flh  TIM  NEC 

Vjr  ==^=T=  Mellanox- 

TECHNOLOGIES 


CYAN 


pertino 


Presented  by 


Interested  in  Sponsorship  Opportunities? 

Contact  Andrea  D’Amato,  VP/Publisher,  Network  World  at  adamato@nww.com 


IPSTRICKS 


BY  CHRISTINE  BURNS 

USERS  AND  security  consultants  familiar 
with  the  process  of  securing  hybrid  clouds 
have  one  steady  piece  of  advice  to  offer:  The 
only  way  to  go  is  one  step  at  a  time. 

“Managing  hybrid  security  is  a  matter  of 
setting  policy  across  all  of  the  security  touch 
points  IT  is  already  used  to  managing.  It’s 
about  being  consistently  diligent  at  every 
turn,”  says  Joe  Coyle,  CTO  of  IT  consultancy 
giant  Capgemini  North  America. 

Coyle  advises  clients  to  regard  their  hybrid 
cloud  usage  as  an  extension  of  their  network 
perimeter.  “You  have  to  tweak  firewall  policy, 
watch  IDS  traffic  more  carefully,  employ 
encryption,  set  up  multiple  levels  of  authen¬ 
tication  for  management  access  and  demand 
high  levels  of  physical  security  at  providers’ 
sites,”  Coyle  says. 

In  terms  of  securing  the  link  between  your 
data  center  —  virtualized  as  a  private  cloud  or 
not  —  you  can  go  with  a  direct  route  or  estab¬ 
lish  a  tunnel.  Garret  Leap,  CTO  at  Direct  Insite, 
a  company  that  delivers  on-demand  accounts 
payable  and  accounts  receivable  solutions  to 
more  than  100,000  corporations  across  100 
countries,  says  his  company  went  for  a  100MB 
direct  fiber  connection  for  both  the  increased 
security  it  offers  and  the  fact  that  one  of  the 
company’s  data  centers  was  already  collocated 
at  Terremark’s  Miami  facility. 

Direct  Insite  now  hosts  its  customer-facing 
front  end  in  the  cloud  and  all  of  the  client  data 
is  hosted  and  processed  in  the  company’s  col¬ 
located  data  center.  Leap  says  knowing  that 
Terremark’s  virtualized  data  centers  were 
already  rated  as  Tier  4  meant  there  was  a  very 
high  comfort  level  in  terms  of  who  has  physi¬ 
cal  access  to  the  servers  there. 

To  secure  the  direct  link,  Direct  Insite  uses 
a  Cisco  ASA  box.  “We  only  let  what  we  want 
to  come  in  and  we  don’t  let  any  data  out  that 
should  not  be  allowed  out,”  Leap  says. 

On  top  of  the  physical  layer  security 
defined  by  locked  server  cages  and  things  of 
that  nature,  security  consultant  Joel  Snyder 
of  Opus  One  in  Tucson,  Ariz.,  says  it’s  also 
crucial  for  customers  to  understand  the  pro¬ 
vider’s  access  control  mechanism  for  manage¬ 
ment  of  those  servers. 


"YOU  WANT  TO  PUSH 
TO  MAKE SURE YOUR 
SECURITY  POLICY 
TRAVELS  WITH  YOUR 
VIRTUAL  IMAGE 

no  matter  where  it 
is  running” 

RAND  WACKER,  VICE  PRESIDENT  OF 
PRODUCTS,  CLOUDPASSAGE 

“These  carriers  have  all  the  tools  to  make 
sure  the  ankle-biters  out  on  the  Internet  keep 
away  from  your  data,  but  have  they  guarded 
against  having  one  of  their  guys  being  bribed 
by  your  competitor  to  pull  down  all  of  your 
sales  data?”  asks  Snyder. 

Snyder  says  companies  looking  to  build 
hybrid  clouds  should  demand  from  their  ser¬ 
vice  providers  proof  of  two-factor  authentica¬ 
tion  for  all  server  management  purposes. 

And  they  should  be  demanding  that  all 
of  the  security  parameters  of  the  hybrid 
deployment  should  be  manageable  from  the 
same  pane  of  glass,  says  Kevin  Jackson,  vice 
president  and  general  manager  of  NJVC, 
an  IT  consultancy  catering  to  highly  secure 
government  clients.  Jackson  contends  that 
unified  management  is  going  to  be  even  more 
necessary  as  customers  evolve  to  use  multiple 
cloud  service  providers  in  the  future.  He  sug¬ 
gests  that  customers  look  to  cloud  service  bro¬ 
kerages  to  provide  those  management  links. 

Every  practitioner  interviewed  for  this 
story  said  that  employing  encryption  in  a 
hybrid  cloud  is  a  no-brainer  decision  both  for 


data  at  rest  and  for  data  in  motion.  But  one  of 
the  major  issues  with  encryption  in  a  hybrid 
situation  is  where  to  hold  the  key,  as  data  and 
access  to  data  can  be  spread  across  both  places 
and  routine  security  practice  dictates  that  you 
don’t  store  the  keys  where  the  data  resides. 

Segal  McCambridge,  a  Chicago-based  law 
firm,  opted  to  go  with  maintaining  its  own  keys 
and  storing  the  data  for  its  hybrid  applications 
on  Nasuni’s  cloud-based  storage  offering. 

The  firm’s  CTO,  Matt  Donehoo,  explains  that 
all  of  his  firm’s  litigation  files  stored  electroni¬ 
cally  must  be  managed  in  a  way  that  guaran¬ 
tees  absolute  defensibility  in  a  court  of  law  — 
anything  else  would  render  it  inadmissible.  By 
design,  the  Nasuni  storage  controller  installed 
at  Segal  McCambridge’s  site  fully  encrypts  any 
data  or  metadata  that  leaves  a  customer’s  office 
and  keeps  that  data  encrypted  both  on  the  wire 
and  at  rest  in  the  Nasuni  cloud. 

The  customer  controls  the  keys  to  the 
encrypted  data,  by  design.  From  there  it’s  up 
to  the  enterprise  to  pick  whether  to  employ  a 
key  management  product  on-premises  or  use 
a  third-party  key  management  service. 

The  two  depths  of  security  that  come  into 
play  for  virtualized  networks  —  whether  pri¬ 
vate  or  public  and  private  —  address  virtual 
machine  security. 

“Sometimes  the  enterprise  security  team 
doesn’t  have  a  say  in  how  virtual  machines 
get  spun  up  within  a  provider’s  cloud.  But 
they  should,  because  that  is  a  fundamental 
point  of  security  in  the  cloud.  You  want  to 
push  to  make  sure  your  security  policy  travels 
with  your  virtual  image  no  matter  where  it  is 
running,”  says  Rand  Wacker,  vice  president 
of  products  for  CloudPassage,  a  cloud  server 
security  vendor. 

NJVC’s  Jackson  says  Intel’s  Trusted  Execu¬ 
tion  Technology  (TXT)  could  help  IT  depart¬ 
ments  in  the  near  future  with  the  basic  issue 
of  being  able  to  trust  the  servers  running  your 
applications  in  the  cloud.  TXT  is  a  hardware- 
based  security  measure  built  into  all  Intel 
Xeon  servers,  which  is  designed  to  detect  and 
prevent  BIOS  attacks  and  evolving  forms  of 
stealthy  malware,  such  as  rootkits. 

The  main  benefit,  Jackson  says,  is  an  under¬ 
standing  that  your  virtual  instances  will  be 
spinning  up  on  a  trusted  machine.  ■ 
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Securing  a  hybrid  cloud  is  not^ 
the  same  thing  as  deploying  J 
hybrid  security  products 


BY  CHRISTINE  BURNS 


SECURING  A  hybrid  cloud  describes  the  process  by 
which  IT  employs  a  host  of  products  to  manage  the  secu¬ 
rity  parameters  of  your  hybrid  cloud  installation.  Hybrid 
cloud  security  products  can  be  delivered  in  a  box  that  gets 
deployed  on-premises  at  a  customer’s  site.  But  increasingly 
security  vendors  are  offering  a  hybrid  approach  to  their 
product  portfolios  whereby  customers  can  buy  a  physical 
box  or  buy  the  security  capability  as  a  service. 

The  traditional  delivery  model  still  far  outweighs  the 
cloud-based  one.  In  fact,  Gartner  estimates  that  in  2011, 
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only  13%  of  all  security  products  sold  were  purchased  via 
a  security-as-a-service  (SECaaS)  model.  That  said,  Gartner 
adds  that  preliminary  sales  data  shows  that  for  in  2012  that 
number  was  closer  to  35%. 

IDC  says  the  SECaaS  market  should  hit  a  value  of  $3.3 
billion  this  year  and  continue  to  rise  to  more  than  $5  bil¬ 
lion  by  2016. 

IDC  analyst  Phil  Hochmuth  says  there  is  generally  not 
a  big  difference  between  the  functionality  of  a  product 
offered  as  a  service  and  its  on-premises  counterpart.  “It’s 
more  of  a  function  of  giving  customers  more  latitude  in 
terms  of  where  and  how  they  can  deploy  these  products  in 
different  parts  of  the  enterprise,"  he  says. 

Vendors  are  also  quick  to  point  out  that  given  the  com¬ 
mon  root  functionality  of  both  deliverables,  being  able  to 
manage  both  products  from  a  common  interface  is  key. 

Industry  analysts,  security  practitioners  and  customers 
interviewed  for  this  package  of  stories  supplied  four  areas 
of  security  (secure  Web  gateways,  virtualization  security, 
security  information  and  event  management  [SIEM],  and 
identity  and  access  governance  [IAG])  in  which  they  are 
looking  to  deploy  security  products  in  their  hybrid  cloud 
in  the  future,  regardless  of  whether  they  run  them  on¬ 
premises  or  in  the  cloud  or  a  little  bit  of  both.  And  they  have 
named  names  in  terms  of  which  vendors  they  are  watching 
most  closely  in  each  category. 


SECURE  WEB 
GATEWAYS 

These  products  filter  malware 
from  user-initiated  Web  traffic 
through  URL  filtering,  malicious 
code  detection.  Web  -application 
controls  and  data  loss  prevention. 
Gartner  contends  that  87%  of 
the  products  in  this  market  were 
sold  in  on-premises  bundles  in 
201.1,  with  the  remaining  sold  as  a 
service.  Gartner  estimates  the  SaaS 
segment  rose  to  35%  last  vear. 

1. 

Cisco 

PRODUCTS:  IronPort  S-Series 
appliances  and  ScanSafe  service 
WHY  WE  ARE  WATCHING: 

Cisco  bought  IronPort  in  2007  and 
ScanSafe  in  2009  and  has  been 
steadily  building  links  between  the 
appliance  and  the  service  across  its 
networking  and  security  gear  so 
that  both  are  easier  to  implement 
in  Cisco-focuses  enterprises. 


2. 

Blue  Coat 

PRODUCT:  ProxySG  and  Blue  Coat 

Cloud  Service 

WHY  WE  ARE  WATCHING: 

The  on-premises  ProxySG 
product  is  well-tested  in  large 
enterprise  environments  for  seal- 
ability  and  performance  and  the 
list  of  protocols,  authentication 
options,  back-end  databases  and 
antivirus  platforms  it  supports 
are  long  across  the  board.  The 
service  option  is  based  on  the 
ProxySG  boxes. 

3. 

Websense 

PRODUCTS:  Web  Security  Gateway 
and  Web  Security  Gateway 
Anywhere 

WHY  WE  ARE  WATCHING: 

The  company  has  a  focus  on 
data  leak  prevention  as  its  main 
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differentiator,  and  it’s  got  an 
acclaimed  Triton  management 
console  that  helps  enterprises 
manage  both  appliances  and 
the  service  (which  has  the  same 
name  as  the  appliance  with  the 
addition  of  “Anywhere”)  from 
the  same  pane  of  glass,  should 
they  want  to  run  with  a  hybrid 
security  strategy. 

4. 

Zscaler 

PRODUCTS:  Zscaler  Web 
Security 

WHY  WE  ARE  WATCHING: 

Zscaler  is  a  fast  growing  startup 
that  offers  its  product  only  as  a 
service.  Gartner  has  said  this  is 
the  fastest  growing  company  in 
this  market  segment  driven  by 
its  very  strong  reporting  capabil¬ 
ities,  client  redirection  functions, 
granular  security  controls,  and 
flexible,  policy-based  controls 
for  social  media  applications. 


VIRTUALIZATION 

SECURITY 

This  segment  of  cloud  security 
both  homes  in  on  locking  down 
the  hypervisor  that  enables  vir¬ 
tualization  in  the  first  place  and 
seeks  to  thwart  ill-intentioned 
communications  between  the 
virtual  machines  running  on  it. 

5. 

Bromium 

PRODUCT:  vSentry 
WHY  WE  ARE  WATCHING: 

Led  by  a  team  of  security  and 
virtualization  experts  who  had 
worked  at  Citrix,  Bromium 
developed  an  approach  to 
desktop  security  that  virtualizes 


end-user  activities  when  they 
pose  a  threat  of  bringing  in  out¬ 
side  agents  or  malware.  VSentry 
is  built  on  a  “microvisor,”  a 
security-focused  hypervisor 
that  automatically,  instantly 
and  invisibly  hardware-isolates 
each  vulnerable  Windows 
task  in  a  micro-VM  that  cannot 
modify  Windows  or  gain  access 
to  enterprise  data  or  network 
infrastructure. 

6. 

Catbird 

PRODUCT:  vSecurity 
WHY  WE  ARE  WATCHING: 

The  recently  released  vSecurity 
5.0  product  provides  access  con¬ 
trol,  intrusion  detection,  secure 
auditing,  automated  protection, 
visibility  and  efficiency  for  all 
virtualized  machines  because 
it  taps  into  the  hypervisor.  It 
can  enforce  FISMA,  NIST  and 
HIPAA  standards  so  that  users 
can  virtualize  more  assets,  more 
quickly. 

SIEM 

The  problems  of  keeping  up 
with  the  gobs  of  data  generated 
by  security-focused  equipment 
under  your  control  only  gets 
compounded  when  you  bring 
a  public  cloud  service  into  the 
enterprise  mix.  The  leaders 
in  this  space  —  as  determined 
by  the  2012  Gartner  Magic- 
Quadrant  —  are  all  the  big  tra¬ 
ditional  network  and  security 
management  guys  (HP,  IBM 
and  McAfee)  who  all  pur¬ 
chased  niche  players  (ArcSight, 
Q1  Labs  and  NitroSecurity, 
respectively). 

7. 

HP 

PRODUCT:  ArcSight 
WHY  WE  ARE  WATCHING: 

HP  placed  ArcSight  (which 
always  seems  to  score  well  in 
public,  competitive  tests  of 
SIEM  products)  in  the  Enter¬ 
prise  Security  Product  group, 
sharing  office  space  with  HP 
TippingPoint  (an  IPS)  and  HP 


Fortify,  and  has  been  working 
to  build  close  reporting  ties 
between  those  products  to  make 
them  collectively  easier  to  use  in 
large  companies. 

8. 

Q1  Labs,  an  IBM  company 
PRODUCT:  QRadar 
WHY  WE  ARE  WATCHING: 

IBM  bought  Q1  Labs  in  2011 
and  threw  it  into  a  newly  formed 
security  systems  division, 
which  kind  of  marked  the  end 
of  IBM’s  own  Tivoli  SIEM.  IBM 
has  since  added  indexing  and 
query  improvements  to  support 
keyword  search;  improvements 
in  event  storage  scalability;  inte¬ 
gration  with  IBM  DAM  and  sup¬ 
port  for  endpoint  management; 
IPS  firewall;  and  governance, 
risk  and  compliance  tech¬ 
nologies.  IBM  has  announced  a 
co-managed  service  option  for 
QRadar  for  customers  that  want 
to  combine  an  SIEM  technology 
deployment  with  monitoring 
services  from  IBM. 

9. 

McAfee 

PRODUCT:  McAfee  Enterprise 
Security  Manager 
WHY  WE  ARE  WATCHING: 
NitroSecurity  was  known  for 
its  advanced  correlation  engine, 
which  augments  rule-based  cor¬ 
relation  with  risk-based  activity 
profiling.  This  product  also  gets 
really  good  performance  grades 
in  larger  deployments.  Late  last 
year,  McAfee  rolled  out  a  new 
version  that  allows  it  to  pull  in 
data  from  McAfee  Global  Threat 
Intelligence,  risk  data  from 
McAfee  Risk  Advisor,  and  asset 
data  from  McAfee  Vulnerability 
Manager  and  McAfee  ePolicy 
Orchestrator. 

IAG 

Identity  and  access  governance 
is  the  fasted  growing  segment 
of  the  identity  management 
market.  Sales  in  2011  came  in 
around  $300  million.  Analysts 
have  not  published  the  2012  sales 


n umbers  yet,  but  they  are  expect¬ 
ing  35%  to  40%  growth.  Specifi¬ 
cally,  IAG  is  the  class  of  products 
that  request,  approve,  certify  and 
audi  t  access  to  applications,  data 
and  other  IT  services. 

10. 

Aveksa 

PRODUCT:  Access  Governance 

Software  Suite 

WHY  WE  ARE  WATCHING: 

When  the  company  reported 
its  2012  financials  in  January,  it 
announced  that  45%  of  its  rev¬ 
enue  was  coming  from  brand- 
new  customers.  In  December, 
Aveksa  launched  Identity 
and  Access  Management  6.0, 
designed  specifically  to  help 
enterprises  fully  scale  their  IAM 
initiatives  and  manage  the  big 
data  that  is  now  typically  associ¬ 
ated  with  IAM  deployments. 
Shortly  thereafter,  Aveksa  intro¬ 
duced  MyAccessLive,  a  new 
software-as-a-service  (SaaS) 
identity  and  access  manage¬ 
ment  solution  which  provides 
integrated  visibility  and  control 
of  both  cloud  and  on-premises 
applications  in  a  single  cloud- 
based  solution. 

11. 

Courion 

PRODUCT:  Access  Assurance 
Suite  and  CourionLive 
WHY  WE  ARE  WATCHING: 

The  unique  aspect  of  this  prod¬ 
uct  is  that  it  was  designed  using 
a  structured  process  so  that  it 
can  integrate  with  other  ven¬ 
dors’  administration,  analytics, 
workflow  and  reporting  tools. 

12. 

SailPoint 

PRODUCT:  IdentitylQ  WHY  WE 
ARE  WATCHING: 

SailPoint  is  a  fast-growing  firm 
that  takes  a  risk-based  approach 
to  identity  management.  Identi¬ 
tylQ  combines  ID  information 
and  log  data  in  the  same  reposi¬ 
tory  for  report  intelligence.  ■ 
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BACKSPIN  BY  MARK  GIBBS  lliniHilllllllillllillllllllimiillilimilllSIlimillllll 

Six  tips  for  the  care  and  training  of  new  users 

CONGRATULATIONS!  YOU’VE  just  got  a 


new  user! 

As  a  responsible  IT  organization  you 
have  to  recognize  that  this  is  a  big  responsibility.  Your  user  is  probably 
nervous  in  his  new  surroundings  and  doesn’t  know  how  to  behave. 

Whatever  Human  Resources  has  told  him  can’t  possibly  prepare 
him  for  what  he  needs  to  know  in  your  digital  environment  and  he’s 
probably  already  developed  bad  habits  from  wherever  he  was  before. 
Your  job  is  to  make  sure  he’s  going  to  become  a  happy,  productive 
worker  who  won’t  complain  and  ask  dumb  questions  and  make  dumb 
mistake  that  will  aggravate  you. 

To  help  you  train  your  new  user  I  have  six  tips  that  will  ensure  he  stays 
out  of  your  hair,  knows  his  place,  and  doesn’t  waste  your  time. 

1.  Listen  to  your  new  user.  If  your  new  user  doesn’t  understand  the 
computing  environment  you  have  for  him,  don’t  get  exasperated  and 
angry.  Give  him  a  training  course  or,  better  yet,  get  another  of  your  users 
to  train  and  mentor  him.  The  sooner  he  feels  connected  to  the  pack  —  the 
rest  of  the  users  —  the  better  (and  the  less  of  a  problem)  he’ll  be. 

2.  Be  generous  with  your  support ...  at  least  in  the  beginning.  You 
don’t  want  him  to  develop  an  “us  against  them”  attitude  because,  if  he’s 
in  any  way  an  “alpha”  user  (say,  a  senior  manager  or  vice  president),  he 
could  well  start  to  turn  the  rest  of  the  pack  against  you. 

3.  Be  flexible.  Just  because  your  other  users  grok  the  applications 
you’ve  sanctioned  doesn’t  mean  the  new  boy  will.  Maybe  he’s  not 
comfortable  with  Microsoft  Word  10  (and  who  really  is?).  Maybe  he 
was  trained  on  Word  2003  and  has  never  dealt  with  anything  else.  Be 
understanding;  a  new  software  diet  might  upset  his  system.  Introduce 


new  software  carefully. 

4.  Show  him  what  you’re  willing  to  do  rather  than  doing  what  he 
wants  you  to  do.  While  there’s  nothing  wrong  with  saying  “no”  you 
never  want  to  actually  say  it.  You’ll  just  get  him  worked  up  and  resis¬ 
tive.  Persuade  him  with  arguments  like,  “but  that’s  what  the  CEO 
wants.”  He’ll  soon  get  with  the  program. 

5.  Be  consistent.  Make  sure  all  of  your  support  staff  know  how  far  to 
go  in  supporting  him.  If  one  tech  says  “yes”  while  another  says  “no”  the 
mixed  messages  will  confuse  him. 

6.  Be  realistic  about  his  adaptation  to  a  new  environment.  Introduc¬ 
ing  your  new  user  to  his  new  corporate  family  takes  time  and  patience. 
Before  you  make  his  life  hell  for  not  getting  with  the  program,  give  him 
that  extra  care  and  attention.  If  that  doesn’t  work,  then  harsh  discipline 
may  be  necessary.  The  first  time  his  files  disappear  and  IT  shows  him 
how  it  was  his  fault,  he’ll  get  the  message. 

Yes,  getting  a  new  user  is  fun  and  a  challenge,  but  whether  he’ll  wind 
up  being  a  good  user  who  is  with  the  program  and  part  of  the  pack 
depends  on  you  and  your  mastery  of  the  principles  of  user  training. 

Get  your  new  user’s  training  wrong  and  your  time  will  be  eaten  up 
with  demands  and  complaints  and  the  rest  of  the  pack  may  become 
fractious  and  unruly.  But  get  him  in  the  program  from  square  one  and 
everyone  will  be  happy  and  productive. 

Good  luck.  ■ 

Gibbs  is  pack  master  in  Ventura,  Calif.  Training  strategies  at 
backspin@gibbs.com  and  follow  him  on  Twitter  and  App.net  (@ 
quistuipater)  and  on  Facebook  (quistuipater). 
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Falling  for  a  phony  iPhone  cup  holder 


AN  IPHONE  case  that  doubles  as  a  cup 
holder?  Looks  positively ...  well,  ludicrous, 
doesn’t  it?  Yet  that  detail  didn’t  dissuade  a 
fair  number  of  journalists  from  covering  the  contraption’s  funding 
appeal  on  Indiegogo  in  an  entirely  too  serious  manner. 

First  a  Los  Angeles  Times  reporter  wrote  a  straightforward  account 
of  the  gadget,  called  UpperCup,  but  left  himself  an  escape  hatch  in  the 
eighth  paragraph  of  an  eight-paragraph  piece:  “It’s  not  clear  if  this  is 
a  publicity  stunt  for  [Dutch  marketing  firm]  Natwerk  or  if  it  is  a  legiti¬ 
mate  business  idea.  The  company  is,  after  all,  a  marketing  firm.” 

Yes,  it  wasn’t  bet-your-bottom-dollar  clear,  but  it  was  pretty  darn 
obvious.  And  asking  Natwerk  the  question  was  an  option,  too,  which 
well  get  to  in  a  moment. 

Next  the  UPI  news  service  took  the  Times  piece  and  rewrote  it  — 
without  including  the  “publicity  stunt”  possibility;  in  fact,  without  a 
hint  of  skepticism. 

Cult  of  Mac  did  what  blogs  (including  mine)  do  routinely  these  days: 
passed  along  the  oddball  item.  Cult  of  Mac  at  least  cautioned  that  the 
concept  might  make  you  “scratch  your  head.” 

On  Buzzfeed,  the  headline  read:  “This  iPhone  Accessory  Will  Make 
You  Hate  Yourself  For  Wanting  It.” 

A  WebProNews  writer  picked  up  the  Buzzfeed  item  and  opined: 
“This  is  admittedly  a  little  ridiculous.  But  I  can  totally  see  it  selling.” 

And  so  on  and  so  forth. 

While  this  was  going  on.  I  had  mocked  UpperCup  as  a  publicity 
stunt  on  Buzzblog,  and  sent  the  alleged  would-be  makers  three  ques¬ 
tions:  “Is  this  a  joke?”  “Is  this  a  publicity  stunt?”  And,  “Are  you  telling 


me  the  truth?”  When  I  hadn’t  heard  back  in  a 
few  days,  I  sent  the  email  again,  this  time  get¬ 
ting  a  reply  from  a  Natwerk  spokeswoman. 

Here’s  how  that  went: 

Is  this  a  joke? 

“Yes,  pretty  much.  For  instance,  the  fact  that 
we’ve  made  the  whole  thing  about  3  times  as 
thick  as  necessary  we  hoped  would  give  away 
we  weren’t  all  that  serious.  Nevertheless,  we 
really  think  it  is  a  cool  device  and  we  would  really  want  to  have  it  pro¬ 
duced  so  we  can  walk  around  and  be  cool  with  it  attached  to  our  iPhones.” 

That  desire  to  have  it  produced  is  also  a  joke,  since  the  Indiegogo 
crowd  —  apparently  more  skeptical  than  a  bunch  of  bloggers  —  has 
pledged  only  $900  of  the  $25,000  Natwerk  said  it  needed. 

Is  this  a  publicity  stunt? 

“It  actually  isn’t  a  publicity  stunt.  We  didn’t  expect  it  to  get  so  much 
attention.  We  have  a  range  of  products  we  develop  in  between  jobs.  It  is 
a  good  practice  and  keeps  the  creativity  flowing  in  our  company.” 

Allow  me  to  translate:  “It  actually  isn’t  a  publicity  stunt”  means  “It 
actually  is  a  publicity  stunt.” 

Are  you  telling  me  the  truth? 

“Yes.  Can’t  be  more  honest.  I  think  a  dumb  idea  like  this  wouldn’t 
really  make  a  good  promotion  for  our  company.” 

That  depends  on  how  you  feel  about  the  old  any-publicity-is-good- 
publicity  thing.  ■ 

Have  a  comment?  The  address  is  buzz@nww.com. 
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MIDSIZE  BUSINESSES  ARE  THE  ENGINES  OF  A  SMARTER  PLANET 


FROM  LIMITED  I.T.  RESOURCES 
TO  UNLIMITED  POTENTIAL. 


FOR  MIDSIZE  BUSINESSES, 

A  REDEFINING  MOMENT. 

In  the  past,  midsize 
organizations  with  big  ideas 
were  constrained  by  limited 
IT  resources.  Not  anymore. 
With  the  arrival  of  scalable, 
affordable  cloud  computing, 
sophisticated  ideas  for  new 
products  no  longer  languish. 
Personalized  customer 
service  generates  incremental 
sales.  And  new,  revenue-rich 
markets  are  being  created 
every  day. 


It’s  shaking  up  industries  and 
providing  new  opportunities 
for  new  players,  with  many 
pioneering  midsize  businesses 
once  again  leading  the  way. 
Consider:  92%  of  midsize 
companies  say  they  will  pilot 
or  adopt  a  cloud  solution 
within  the  next  36  months. 

Progressive  companies  like 
LINK  Institute,  the  Swiss 
consumer  research  firm  with 
1 10  employees,  are  doing  it 
right  now. 


92%  of  midsize 
companies  say  they 
will  invest  in  the 
cloud  within  the 
next  36  months  .* 


Scale  Flexibly 


What  can  the  cloud  do 
for  your  midsize  business!1 


“We  can  assess 
a  consumer’s 
emotive  response 
more  accurately.  ” 

Tim  Llewellynn, 
nViso  CEO 


Extend  Collaboration 


\  «  / 


REINVENT  WITHOUT 
REINVESTING  IN  I.T. 

LINK  wanted  a  faster,  more 
accurate  way  to  measure 
consumer  sentiment. 
Working  with  a  powerful 
facial  recognition  solution 
created  by  IBM  Business 
Partner  nViso  in  the  IBM 
SmartCloud™  LINK  is 
now  capturing  respondent 
reactions  to  marketing 
messages  in  real  time,  via 
home  webcams.  Scores  are 
generated  every  second  for 
7  emotions.  And  LINK  gets 
its  results  up  to  90%  faster. 


In  the  past,  a  data-rich 
solution  like  LINK’s  would 
have  been  impractical  for  a 
midsize  company.  But  in  the 
cloud,  traditional  research  is 
history.  And  a  new  service 
has  transformed  a  business. 

Get  started  by  learning  how 
IBM  and  its  Business  Partners 
are  helping  midsize  businesses 
reinvent  themselves  at 

ibm.com/engines/cloud 


LET’S  BUILD  A 
SMARTER  PLANET. 


\  1  / 


*2011  IBM  Institute  for  Business  Value/Economist  Intelligence  Unit  Cloud-Enabled  Business  Model  Survey.  IBM,  the  IBM  logo,  ibm.com,  IBM  SmartCloud,  Smarter  Planet  and  the  planet  icon  are  trademarks  of  International 
Business  Machines  Corp,  registered  in  many  jurisdictions  worldwide.  A  current  list  of  IBM  trademarks  is  available  on  the  Web  at  www.ibm.com/legal/copytradeshtml.  ©  International  Business  Machines  Corporation  2012 
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Brains  matter.  Particularly  when  you're  dealing  with  robots  and  algorithms.  But  at  Verizon's  Innovation 
Centers,  you’ll  see  another  constant.  Passion.  Smart  people  working  overtime.  Running  on  fumes. 
Because  they  know  what  technology  cam  sol  ve. Th  ey  kn  ow  it  canhelpdoc  to  rsmakeamo  re  informed 
ZJ  Apj,  (  diagnosis  in  seconds  instead  of  months.  They  know  if  we  think  long  and  hard  enough,  we  can  help  insure  a 


constant  supply  of  clean  energy.  Or  help  a  firefighter  see  through  a  blaze.  The  hours  are  long.  But  great. 


nh 


Because  we  believe  the  world's  biggest  challenges,  deserve  even  bigger  solutions. 


verizon 


